After Target Breach, Senate Introduces Data Security Act

Sens. Tom Carper (D-Del.) and Roy Blunt (R-Mo.) are taking aim at retailers with new legislation intended to improve safeguards for consumer information, following recent revelations about data breaches at Target Corp. and Neiman Marcus Group Ltd.

The Data Security Act [PDF], which the bipartisan duo introduced Wednesday, would require companies that accept credit or debit card payments to have policies and procedures in place to protect consumer data from hackers and act on breaches when they occur. Under the bill, businesses would have to investigate breaches and work to secure the data targeted by hackers.

Companies also would have to tell their customers and federal authorities about any breaches. And if a breach involves at least 5,000 customers, businesses must notify credit-reporting agencies, too.

The senators, who introduced similar legislation in the last Congress, said the measure would provide clarity to companies, which currently must comply with a variety of state laws on breaches. The District of Columbia, Guam, Puerto Rico, the Virgin Islands and 46 states all have differing statutes that concern breach notifications, according to the National Conference of State Legislatures.

“As the recent incidents involving Target and Neiman Marcus remind us, major data breaches that compromise consumers’ identities and financial security are becoming more routine,” Carper said in a written statement. “These recent breaches, and others before them, underscore the need for Congress to act to protect Americans against fraud and identity theft.”

The National Retail Federation, the leading trade group for domestic retailers, expressed concern about the bill.

David French, the group’s senior vice president for government relations, said the measure needs to address the U.S. bankcard industry, which he said favors magnetic-stripe cards over more secure PIN-and-chip technology.

“While the Data Security bill aims to protect consumer data, the bill carves out banks, card companies and others financial institutions, the very parties who have been primarily responsible for sustaining the currently-flawed system,” French said in a written statement. “The National Retail Federation looks forward to working with lawmakers as the process moves forward.”

The legislation follows mounting concern in Congress about the security of consumer information.

Sen. Patrick Leahy (D-Vt.), the Senate Judiciary Committee’s chairman, last week introduced the Personal Data Privacy and Security Act, a breach measure that he has offered in each of the past four Congresses. Leahy said he plans to hold a hearing this year on breaches.

In the House of Representatives, Rep. Lee Terry (R-Neb.), chairman of the Commerce, Manufacturing, and Trade Subcommittee of the Energy and Commerce Committee, intends to have a hearing in the first week of February on breaches. Officials from law enforcement agencies and Target will be among the witnesses.

Target on Jan. 10 revealed that as many as 110 million customers may have had their personal information stolen during the holiday shopping season. When the company first confirmed the breach on Dec. 19, it said the breach may have exposed as many as 40 million customers to fraud.

On Jan. 10, Neiman Marcus also confirmed that a breach occurred. But the luxury retailer has yet to say when the breach happened and how many customers it may have affected.

The Dec. 19 acknowledgement from Target and the Jan. 10 confirmation from Neiman both came after reports from data and security blog KrebsOnSecurity ( Target here and Neiman here).

Both of the companies have said they are taking steps to notify customers about the breaches and are working with law enforcement authorities.

“The security of our customers’ information is always a priority and we sincerely regret any inconvenience,” according to a tweet from Neiman Marcus.

Jason Weinstein, a Steptoe & Johnson partner and a former Justice Department official who focuses on privacy and data security issues, predicted last month that Target will face millions of dollars in legal fees connected to its breach.

“Data privacy and security class action suits have become the ambulance-chasing of the 21st century,” he wrote on Steptoe’s Cyberblog.

Featured Firms

Law Offices of Gary Martin Hays & Associates P.C.

75 Ponce De Leon Ave NE Ste 101

Atlanta, GA 30308

(470) 294-1674

www.garymartinhays.com

Law Offices of Mark E. Salomone

2 Oliver St #608

Boston, MA 02109

(857) 444-6468

www.marksalomone.com

Smith & Hassler

1225 N Loop W #525

Houston, TX 77008

(713) 739-1250

www.smithandhassler.com

Presented by BigVoodoo

More From ALM

As generative artificial intelligence inspires one of the biggest transformations in generations, Practical Guidance continues to provide the latest tips to help you prepare for the rapid evolution in the way attorneys work.

Practical Guidance Journal: Protecting Work Product in a Generative AI World

Brought to you by LexisNexis®
Download Now

The recent SEC release comes with significant changes for private fund managers. Hear expert insights on what happened, what it means, and what the compliance considerations are.

Countdown to Compliance: SEC Private Fund Reforms

Brought to you by Ontra
Download Now

Find out what features make a code of conduct most effective. Hint: it’s not just the rules.

9 Ethical Code of Conduct Examples for the Business Professional

Brought to you by LRN
Download Now

Premium Subscription

With this subscription you will receive unlimited access to high quality, online, on-demand premium content from well-respected faculty in the legal industry. This is perfect for attorneys licensed in multiple jurisdictions or for attorneys that have fulfilled their CLE requirement but need to access resourceful information for their practice areas.
View Now

Team Accounts

Our Team Account subscription service is for legal teams of four or more attorneys. Each attorney is granted unlimited access to high quality, on-demand premium content from well-respected faculty in the legal industry along with administrative access to easily manage CLE for the entire team.
View Now

Bundle Subscriptions

Gain access to some of the most knowledgeable and experienced attorneys with our 2 bundle options! Our Compliance bundles are curated by CLE Counselors and include current legal topics and challenges within the industry. Our second option allows you to build your bundle and strategically select the content that pertains to your needs. Both options are priced the same.
View Now

From Data to Decisions

Dynamically explore and compare data on law firms, companies, individual lawyers, and industry trends.

Exclusive Depth and Reach.

Law.com Compass includes access to our exclusive industry reports, combining the unmatched expertise of our analyst team with ALM’s deep bench of proprietary information to provide insights that can’t be found anywhere else.

Big Pictures and Fine Details

Law.com Compass delivers you the full scope of information, from the rankings of the Am Law 200 and NLJ 500 to intricate details and comparisons of firms’ financials, staffing, clients, news and events.

General Counsel Summit (GCS) 2024

August 12, 2024 - August 13, 2024
Sydney, New South Wales

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Learn More

General Counsel Conference Southwest 2024

September 18, 2024 - September 19, 2024
Dallas, TX

Join General Counsel and Senior Legal Leaders at the Premier Forum Designed For and by General Counsel from Fortune 1000 Companies

Learn More

Women, Influence & Power in Law (WIPL) 2024

September 23, 2024 - September 24, 2024
Chicago, IL

WIPL is the original global forum facilitating women-to-women exchange on leadership and legal issues.

Learn More