The fallout continues from last year's major data breaches at Target and Neiman Marcus. The U.S. Congress, state agencies, retailers and consumer advocacy groups are now locked in a larger debate about data security and consumers' right to know when their data may be at risk — and whether a national notification standard makes sense, according to the Associated Press.
The larger of the breaches, at Target, exposed an estimated 40 million customer credit and debit card accounts to hackers, but the retail giant kept customers in the dark for several days. Why the delay? Lacking national regulations for how (and how quickly) consumers must be notified, retailers are left to sort through a puzzling patchwork of state regulations.
The Consumer Perspective
"From industry's perspective, whether you're a bank or a merchant, you don't want to have to notify consumers," Ed Mierzwinski, consumer program director at the U.S. Public Interest Research Group, tells the AP. "They want to pre-empt, or override, the best state laws." Some states are lenient on retailers and only require them to give notice in cases that could result in financial harm, such as when debit or credit card information is exposed.
Other states, such as California, have rigorous laws that require businesses and state agencies to notify state residents when any data is breached. Many state and consumer advocacy groups are reluctant to weaken existing protections in states with the strongest laws by adopting a national standard.
The Retailer Perspective
Many retailers, on the other hand, support a federal standard, with one caveat: They would prefer to only notify consumers when sensitive information, such as financial records, has been exposed. "There are different kinds of data. There's data that can lead to an identity theft (or) financial fraud, and there's data that probably doesn't have much utility to the criminals," says David French, senior vice president for government relations at the National Retail Federation. "If you get 20 notices a month, at some point you just turn it off."
H/T Associated Press