Madigan: Congress must act to protect
consumers from data breaches
Attorney general testifies in D.C., calling
for comprehensive legislation to address epidemic of data breaches
Send a link to a friend
[February 06, 2014]
WASHINGTON — Attorney General Lisa Madigan
testified on Wednesday before the U.S. House of Representatives
Subcommittee on Commerce, Manufacturing and Trade about her
investigations into widespread data breaches reported by retailers
in recent months. These data breaches have affected millions of
American consumers. Madigan called on Congress to immediately take
steps at the federal level to better protect consumers' personal
"Over the past decade, we have faced an epidemic of data breaches
that has affected almost every American and has inflicted billions
of dollars of damage to our economy," Madigan said. "The recent
breaches have served as a wake-up call that government and the
private sector need to take serious, meaningful action to curb this
growing threat to our financial security."
Madigan testified on
Capitol Hill in a hearing titled "Protecting Consumer Information:
Can Data Breaches Be Prevented?" Madigan and the Connecticut
attorney general's office are currently leading a multistate
investigation into the recent Target, Neiman Marcus and Michaels
Madigan said the epidemic of data breaches has grown over the
past decade. Since 2005, there have been over 4,000 data breaches
nationally and 733 million records compromised.
In response, the attorney general has launched numerous
investigations into whether businesses and health care companies are
adequately protecting consumers' data. In 2005, her office worked to
enact a state law to require companies to promptly notify their
customers of data breaches, to ensure consumers know when their
sensitive data has been compromised. In 2006, she launched her
office's Identity Theft Unit, which staffs a statewide hotline,
1-866-999-5630, to provide one-on-one assistance to victims of
identity theft and data breaches. After receiving more than 40,000
requests for assistance, the ID Theft Unit has helped reverse more
than $26 million worth of fraudulent charges on consumers' accounts.
Madigan said past investigations by her office into data breaches
have indicated that companies have repeatedly failed to take basic
steps to protect Illinois consumers' information, maintaining
consumer data without encryption, failing to install updated
security patches for known software vulnerabilities and retaining
data longer than necessary.
[to top of second column]
The attorney general urged Congress to take action to better protect
American consumers by adopting federal standards that, while not
pre-empting state law, will require companies to:
data security practices.
Only collect from
consumers the information that is necessary for legitimate
data as soon as it is no longer needed.
Notify consumers in a timely manner
when a data breach occurs.
Madigan also called on members of the subcommittee to authorize a
federal agency to investigate large, sophisticated data breaches,
akin to the National Transportation Safety Board's role in aviation
For more information, read Madigan's
written testimony (PDF) from the hearing.
[Text from file received from the office of
Illinois Attorney General Lisa
Lawmakers hear warnings of U.S. companies' lax data