The National  Memo Logo

Smart. Sharp. Funny. Fearless.

Monday, December 09, 2019 {{ new Date().getDay() }}

By Daniel Rothberg, Tribune Washington Bureau

WASHINGTON — After a spate of large-scale cyberattacks on retailers, Attorney General Eric H. Holder Jr. urged Congress to adopt a national standard for notifying consumers of a security breach.
Holder said creating such a law would bolster the Justice Department’s ability to combat crimes and hold organizations accountable for failing to protect private information.

The announcement Monday comes just weeks after lawmakers called for tighter notification standards during congressional hearings into recent commercial cyberattacks, including high-profile cases at Target Corp. and Neiman Marcus. Several legislators, including Senators Patrick Leahy (D-VT) and Dianne Feinstein (D-CA), have recently introduced bills on the issue.

During the holiday season, an attack on Target’s systems compromised the security of 40 million payment card numbers as well as the names, addresses and phone numbers of as many as 70 million customers. The Justice Department and Secret Service are investigating the incident.

Not long after the Target attack, executives at upscale retailer Neiman Marcus discovered malware on its system had exposed as many as 1.1 million payment cards.

Holder said a notification standard would benefit consumers and law enforcement.

“This would empower the American people to protect themselves if they are at risk of identity theft,” he said in a video statement. “It would enable law enforcement to better investigate these crimes — and hold compromised entities accountable when they fail to keep sensitive information safe.”

Exceptions to the notification standard would be made for harmless security breaches, Holder said.

Forty-six states and the District of Columbia have laws that dictate standards for disclosing a breach. Some state attorneys general and consumer advocates have voiced concerns that a federal law might preempt stricter state laws.

Illinois Attorney General Lisa Madigan warned of just that in testimony before a House subcommittee. Madigan said her constituents do not want the state’s law pre-empted but instead are “asking why companies are not doing more to protect their personal and financial information and prevent these breaches from occurring in the first place.”

Consumer advocate Ed Mierzwinski said in an interview that he’s encouraged that Holder is engaged on the issue but cautions against passing a law that is weaker than the strongest state law. Another concern, he said, is that a federal law could prevent states from acting on future data security legislation.

But the National Retail Federation argues that for businesses that currently must comply with a patchwork of laws, one pre-emptive law would greatly simplify the notification process.

In written testimony Feb. 3, the retail trade group’s general counsel, Mallory Duncan, said a federal standard would allow businesses “to focus their resources on remedying the breach and notifying consumers rather than hiring outside legal assistance to help guide them through the myriad and sometimes conflicting set of 50 data breach notification standards in the state and federal jurisdictions.”

AFP Photo/Al Seib

Advertising

Start your day with National Memo Newsletter

Know first.

The opinions that matter. Delivered to your inbox every morning

President Joe Biden

The price of gasoline is not Joe Biden's fault, nor did it break records. Adjusted for inflation, it was higher in 2008 when Republican George W. Bush was president. And that wasn't Bush's fault, either.

We don't have to like today's inflation, but that problem, too, is not Biden's doing. Republicans are nonetheless hot to pin the rap on him. Rising prices, mostly tied to oil, have numerous causes. There would be greater supply of oil and gas, they say, if Biden were more open to approving pipelines and more drilling on public land.

Keep reading... Show less
Youtube Screenshot

Heat deaths in the U.S. peak in July and August, and as that period kicks off, a new report from Public Citizen highlights heat as a major workplace safety issue. With basically every year breaking heat records thanks to climate change, this is only going to get worse without significant action to protect workers from injury and death.

The Occupational Safety and Health Administration admits that government data on heat-related injury, illness, and death on the job are “likely vast underestimates.” Those vast underestimates are “about 3,400 workplace heat-related injuries and illnesses requiring days away from work per year from 2011 to 2020” and an average of 40 fatalities a year. Looking deeper, Public Citizen found, “An analysis of more than 11 million workers’ compensation injury reports in California from 2001 through 2018 found that working on days with hotter temperatures likely caused about 20,000 injuries and illnesses per year in that state, alone—an extraordinary 300 times the annual number injuries and illnesses that California OSHA (Cal/OSHA) attributes to heat.”

Keep reading... Show less
{{ post.roar_specific_data.api_data.analytics }}