News...
                        sponsored by

Madigan: Congress must act to protect consumers from data breaches

Attorney general testifies in D.C., calling for comprehensive legislation to address epidemic of data breaches

Send a link to a friend 

[February 06, 2014]  WASHINGTON Attorney General Lisa Madigan testified on Wednesday before the U.S. House of Representatives Subcommittee on Commerce, Manufacturing and Trade about her investigations into widespread data breaches reported by retailers in recent months. These data breaches have affected millions of American consumers. Madigan called on Congress to immediately take steps at the federal level to better protect consumers' personal information.

"Over the past decade, we have faced an epidemic of data breaches that has affected almost every American and has inflicted billions of dollars of damage to our economy," Madigan said. "The recent breaches have served as a wake-up call that government and the private sector need to take serious, meaningful action to curb this growing threat to our financial security."

Madigan testified on Capitol Hill in a hearing titled "Protecting Consumer Information: Can Data Breaches Be Prevented?" Madigan and the Connecticut attorney general's office are currently leading a multistate investigation into the recent Target, Neiman Marcus and Michaels Stores breaches.

Madigan said the epidemic of data breaches has grown over the past decade. Since 2005, there have been over 4,000 data breaches nationally and 733 million records compromised.

In response, the attorney general has launched numerous investigations into whether businesses and health care companies are adequately protecting consumers' data. In 2005, her office worked to enact a state law to require companies to promptly notify their customers of data breaches, to ensure consumers know when their sensitive data has been compromised. In 2006, she launched her office's Identity Theft Unit, which staffs a statewide hotline, 1-866-999-5630, to provide one-on-one assistance to victims of identity theft and data breaches. After receiving more than 40,000 requests for assistance, the ID Theft Unit has helped reverse more than $26 million worth of fraudulent charges on consumers' accounts.

Madigan said past investigations by her office into data breaches have indicated that companies have repeatedly failed to take basic steps to protect Illinois consumers' information, maintaining consumer data without encryption, failing to install updated security patches for known software vulnerabilities and retaining data longer than necessary.

[to top of second column]

The attorney general urged Congress to take action to better protect American consumers by adopting federal standards that, while not pre-empting state law, will require companies to:

  • Adopt reasonable data security practices.

  • Only collect from consumers the information that is necessary for legitimate business needs.

  • Delete consumer data as soon as it is no longer needed.

  • Notify consumers in a timely manner when a data breach occurs.

Madigan also called on members of the subcommittee to authorize a federal agency to investigate large, sophisticated data breaches, akin to the National Transportation Safety Board's role in aviation accidents.

For more information, read Madigan's written testimony (PDF) from the hearing.

[Text from file received from the office of Illinois Attorney General Lisa Madigan]

Related article: Lawmakers hear warnings of U.S. companies' lax data security

< Top Stories index

Back to top