Attorney General Holder Calls on Congress to Establish Strong National Data Breach Notification Standard

February 25, 2014

By Michelle Cohen, CIPP-US

Yesterday, in his weekly video address, Attorney General Eric Holder urged Congress to create a national data breach notification standard requiring companies to quickly notify consumers of a breach of their personal or financial information. In the wake of the high-profile holiday season data breaches at retailers Target and Neiman Marcus, Holder stated that the Department of Justice and the U.S. Secret Service continue to work to investigate hacking and cybercrimes. However, Holder believes that Congress should act to establish a federal notification requirement to protect consumers. Holder’s video address is available here.

Currently, at least forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have laws requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information.  As might be expected, the laws vary widely from state to state, particularly in the timing requirement for the breach notifications.  Most laws allow delay to accommodate a law enforcement investigation.

Some states require notification as soon as reasonably practicable.  Others require notification within 45 days.  Yet organizations have faced lawsuits for failing to notify on a timely basis, even where there is no set standard.  This presents a difficult situation for companies.  Organizations need to investigate a data breach and determine the type of information affected, who was affected (and thus needs to be notified), and importantly, whether the breach is ongoing such that the company must immediately implement remedial measures.

Attorney General Holder believes Congress should set a national standard that will better protect consumers. Holder asserts that a federal requirement should enable law enforcement to investigate data breaches quickly and to hold organizations accountable when they fail to protect personal and financial information. Holder’s video message did mention that this requirement should create “reasonable exemptions” for companies to avoid creating unnecessary burdens.

The Target and Neiman Marcus data breaches have certainly raised the profile of cybersecurity issues on Capitol Hill, with several bills addressing data breaches having been introduced in recent weeks. While the states certainly took the lead in protecting consumers by enacting data breach laws over the past several years, a properly crafted national standard could provide more consistent guidance for industry and a uniform rule for consumers irrespective of their home states. Should Congress move forward on a data breach law, reasonable accommodations need to be made for companies to have time to investigate data breaches and to determine the scope, the persons affected, and the type of information affected. A national standard setting forth a notification deadline would also presumably alleviate the “rush to the courthouse” from the plaintiffs’ bar with data breach notification timing allegations.

Michelle Cohen

At Ifrah Law, Michelle’s practice focuses on helping clients establish powerful and enduring relationships with their customers and prospects while remaining compliant with state and federal law governing privacy and advertising laws and regulations.
