
The Washington Post reports that the US Congress is likely to take up legislation this year that would strengthen protections for consumers whose personal data is put at risk by security breaches. One possibility is that companies could be encouraged or even forced to secure data “with encryption software or other technology that would render it virtually unreadable if it fell into the wrong hands.”

According to the story, “While more than 30 states have laws requiring companies to alert residents of data breaches, most of the statutes let the affected company delay notifying banks while law enforcement agencies investigate.” Rep. Barney Frank (D-Massachusetts), chairman of the House Financial Services Committee, tells the Post that “retailers should be required to notify banks that issued the compromised credit card accounts so that financial institutions can issue customers new cards before fraud occurs.”

At least part of the impetus for the legislation is the theft that occurred at TJX, which runs T.J. Maxx, Marshalls, and other stores, where a hacker broke into its computer system, potentially stealing millions of customer credit card and debit card numbers as well as driver’s license information.

According to the Post, “There have been more than 100 million instances in which Americans have had their personal data compromised due to data breaches or mishaps, according to the Privacy Rights Clearinghouse, a consumer group in San Diego.”

The Post notes that consumer privacy legislation also has to walk a political minefield before being passed and signed into law, since “the Bush administration has come under heavy fire from privacy advocates for its data mining initiatives and for pressuring Internet service providers to dramatically extend the length of time that they retain records of their customers' online activities.”

KC's View:
We think that a law that a) forces all institutions, whether retailers or banks, to instantly inform consumers when their personal data has been compromised, and b) mandates the use of encryption software that renders such data virtually unusable, sounds like an excellent idea.

If we run for president next year – and we’re considering it, since pretty much everyone else seems to be running – that will be one of the planks in our platform.