Madigan: Federal Data Breach Law should not weaken States’ consumer protections
Madigan Testifies in D.C. as Congress Considers Data Breach Notification Law
[February 06, 2015]
WASHINGTON - Following what has been termed “The Year of the Data Breach,”
Attorney General Lisa Madigan today testified before the U.S.
Senate, calling on Congress to enact a strong, meaningful federal
data breach notification law that provides greater transparency for
data breach victims and regulators to better understand what
information was compromised in a breach, how it occurred and whether
adequate security measures were in place to protect customer
information.
“Congress should seek to pass legislation that ensures
notification of breaches that can harm Americans,” Madigan said. “A
weak national law that restricts what most state laws have long
provided will not meet Americans’ increasing and rightful
expectation that they be informed when their information has been
stolen.”
Madigan testified earlier today before the Senate’s Subcommittee on
Commerce, Science and Transportation in a hearing titled “Getting it
Right on Data Breach and Notification Legislation in the 114th
Congress.” The epidemic of data breaches has grown over the past
decade, now affecting almost every American consumer and inflicting
billions of dollars of damage to the U.S. economy. Since 2005,
almost 4,500 publicly known breaches have affected over 900 million
consumer records. In 2013 alone, Madigan’s office saw a 1,600
percent increase in data breach complaints compared to the year
before.
Madigan called on members of the subcommittee to authorize a federal
agency to investigate large, sophisticated data breaches, akin to
the National Transportation Safety Board’s role in aviation
accidents. A single federal entity authorized to investigate data
breaches would provide expertise in data security for the country to
better protect American consumers.
The Attorney General also testified that a federal data breach law
must cover a broad range of sensitive data – not just social
security numbers or stolen credit card numbers but also: online
login credentials, medical information shared on the internet that
is outside the scope of current privacy regulations, biometric data,
and geolocation data. Companies must be required to report any data
breach involving this type of personal information, Madigan said.
Equally important as Congress considers a federal data breach
notification law, Madigan said, is the ability of state regulators
to continue investigating data breaches at the state level.
Federal legislation must not preempt the states’ ability to
respond and act when data breaches affect residents in their
states. Any preemption by Congress must only provide a “floor”
for reporting requirements and preserve a state’s ability to use
its consumer protection laws to investigate data security
practices and enforce federal law.
Attorney General Madigan
has launched numerous investigations into whether businesses and
health care providers are adequately protecting consumers’ data. She
is currently leading investigations into large data breaches
reported since 2013 including Target and Neiman Marcus. In 2005,
Madigan led the effort to enact a state law to require companies to
promptly notify their customers of data breaches to ensure consumers
know when their sensitive data has been compromised. The Attorney
General also supports her office’s Identity Theft Unit, which staffs
a statewide hotline (1-866-999-5630) to provide one-on-one
assistance to victims of identity theft and data breaches. The ID
Theft Unit has helped reverse over $27 million worth of fraudulent
charges on over 37,000 Illinois consumers’ accounts.
For more information, read
Attorney General Madigan’s written testimony from the hearing.
[From the Office of Attorney General
Lisa Madigan]