digital cyber security key concept

Attorney General Holder Calls on Congress to Establish Strong National Data Breach Notification Standard

Attorney General Holder Calls on Congress to Establish Strong National Data Breach Notification Standard

February 25, 2014

Attorney General Holder Calls on Congress to Establish Strong National Data Breach Notification Standard

By: Michelle Cohen

By Michelle Cohen, CIPP-US

Yesterday, in his weekly video address, Attorney General Eric Holder urged Congress to create a national data breach notification standard requiring companies to quickly notify consumers of a breach of their personal or financial information.  In the wake of the high profile holiday season data breaches at retailers Target and Neiman Marcus, Holder stated that the Department of Justice and the U.S. Secret Service continue to work to investigate hacking and cybercrimes. However, Holder believes that Congress should act to establish a federal notification requirement to protect consumers.  Holder’s video address is available here .

Currently, at least forty-six states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have laws requiring private or government entities to notify individuals of security breaches of information involving personally identifiable information.  As might be expected, the laws vary widely from state to state, particularly in the timing requirement for the breach notifications.  Most laws allow delay to accommodate a law enforcement investigation.

Some states require notification as soon as reasonably practicable.  Others require notification within 45 days.  Yet organizations have faced lawsuits for failing to notify on a timely basis, even where there is no set standard.  This presents a difficult situation for companies.  Organizations need to investigate a data breach and determine the type of information affected, who was affected (and thus needs to be notified), and importantly, whether the breach is ongoing such that the company must immediately implement remedial measures.

Attorney General Holder believes Congress should set a national standard that will better protect consumers. Holder asserts that a federal requirement should enable law enforcement to investigate the data breaches quickly and to hold organizations accountable when they fail to protect personal and financial information. Holder’s video message did include a reference that this requirement should create “reasonable exemptions” for companies to avoid creating unnecessary burdens.

The Target and Neiman Marcus data breaches have certainly raised the profile of cybersecurity issues on Capitol Hill, with several bills having been introduced in recent weeks addressing data breaches.  While the states certainly took the lead in protecting consumers by enacting data breach laws over the past several years, a properly-crafted national standard could provide more consistent guidance for industry and a uniform rule for consumers irrespective of their home states.  Should Congress move forward on a data breach law, reasonable accommodations need to be made for companies to have time to investigate data breaches, to determine scope, persons affected, and the type of information affected.  A national standard setting forth a notification deadline would also presumably alleviate the “rush to the courthouse” from the plaintiff’s bar with data breach notification timing allegations.  

Michelle Cohen

Michelle Cohen

At Ifrah Law, Michelle’s practice focuses on helping clients establish powerful and enduring relationships with their customers and prospects while remaining compliant with state and federal law governing privacy and advertising laws and regulations.

Related Practice(s)
Other Posts
Ready, Set, Go: More States Adopt Privacy Laws
Mar 21, 2024

Ready, Set, Go: More States Adopt Privacy Laws

By: Nicole Kardell
OpenAI’s Legal Troubles Mount as New York Times Lawsuit Escalates Alongside SEC Investigation
Mar 4, 2024

OpenAI’s Legal Troubles Mount as New York Times Lawsuit Escalates Alongside SEC Investigation

By: Jake Gray
Ding Dong – The Police Want Access to Your Doorbell Footage. Can They Get It?
Feb 16, 2024

Ding Dong – The Police Want Access to Your Doorbell Footage. Can They Get It?

By: Abbey Block
2024, AI, and the Harnessing of the Wild West
Jan 10, 2024

2024, AI, and the Harnessing of the Wild West

By: Nicole Kardell

Subscribe to Ifrah Law’s Insights