Attorney General Eric Holder urged Congress on Monday to pass legislation that would require companies to follow national standards for notifying their customers when struck by a malicious data breach.
A national reporting standard “would empower the American people to protect themselves if they are at risk of identity theft,” Holder said in his weekly video message. “It would enable law enforcement to better investigate these crimes — and hold compromised entities accountable when they fail to keep sensitive information safe.”
Holder cited the recent data thefts at major national retail chains, including Target and Neiman Marcus, that left names, emails, and phone numbers of tens of millions of Americans exposed, adding that “these crimes are becoming all too common.”
Currently, 46 states and the District of Columbia own varying notification-standard laws, a patchwork system that has left many retailers and consumers alike frustrated. The National Retail Federation has long supported a national reporting standard.
Earlier this month, Congress convened a barrage of data-breach hearings in both chambers. Executives from Target and Neiman Marcus testified, as did Federal Trade Commission Chairwoman Edith Ramirez, who also pushed lawmakers to enact breach-notification legislation.
But many Democrats are also advocating granting the FTC enhanced authority to fine companies that don’t do enough to protect customer data, an idea the commission also supports. Republicans, meanwhile, are concerned about implementing intrusive regulation on the private sector, despite many businesses urging Congress to do so.