|
Madigan: Federal Data
Breach Law should not weaken States’ consumer
protections
Madigan Testifies in D.C. as
Congress Considers Data Breach Notification Law
Send a link to a friend
[February 06, 2015]
WASHINGTON
- Following what has been termed “The Year of the Data Breach,” Attorney
General Lisa Madigan today testified before the U.S. Senate, calling on
Congress to enact a strong, meaningful federal data breach notification
law that provides greater transparency for data breach victims and
regulators to better understand what information was compromised in a
breach, how it occurred and whether adequate security measures were in
place to protect customer information.
|
|
 “Congress should seek to pass legislation that ensures notification
of breaches that can harm Americans,” Madigan said. “A weak national
law that restricts what most state laws have long provided will not
meet Americans’ increasing and rightful expectation that they be
informed when their information has been stolen.”
Madigan testified earlier today before the Senate’s Subcommittee on
Commerce, Science and Transportation in a hearing titled “Getting it
Right on Data Breach and Notification Legislation in the 114th
Congress.” The epidemic of data breaches has grown over the past
decade, now affecting almost every American consumer and inflicting
billions of dollars of damage to the U.S. economy. Since 2005,
almost 4,500 publicly known breaches have affected over 900 million
consumer records. In 2013 alone, Madigan’s office saw a 1,600
percent increase in data breach complaints compared to the year
before.
Madigan called on members of the subcommittee to authorize a federal
agency to investigate large, sophisticated data breaches, akin to
the National Transportation Safety Board’s role in aviation
accidents. A single federal entity authorized to investigate data
breaches would provide expertise in data security for the country to
better protect American consumers.
The Attorney General also testified that a federal data breach law
must cover a broad range of sensitive data – not just social
security numbers or stolen credit card numbers but also: online
login credentials, medical information shared on the internet that
is outside the scope of current privacy regulations, biometric data,
and geolocation data. Companies must be required to report any data
breach involving this type of personal information, Madigan said.
Equally as important as Congress considers a federal data breach
notification law, Madigan said, is the ability for state regulators
to continue investigating data breaches at the state level.
[to top of second column] |
Federal legislation must not preempt the states’ ability to respond
and act when data breaches affect residents in their states. Any
preemption by Congress must only provide a “floor” for reporting
requirements and preserve a state’s ability to use its consumer
protection laws to investigate data security practices and enforce
federal law. Attorney General Madigan has launched numerous
investigations into whether businesses and health care providers are
adequately protecting consumers’ data. She is currently leading
investigations into large data breaches reported since 2013
including Target and Neiman Marcus. In 2005, Madigan led the effort
to enact a state law to require companies to promptly notify their
customers of data breaches to ensure consumers know when their
sensitive data has been compromised. The Attorney General also
supports her office’s Identity Theft Unit, which staffs a statewide
hotline (1-866-999-5630) to provide one-on-one assistance to victims
of identity theft and data breaches. The ID Theft Unit has helped
reverse over $27 million worth of fraudulent charges on over 37,000
Illinois consumers’ accounts.
For more information, read
Attorney General Madigan’s written testimony from the hearing.
[From the Office of Attorney General
Lisa Madigan]
 |
