Home > News > Data Breaches: Does the Government Need to Step In?

Comments 0 Comments

To listen to some House Republicans at the Target hearing Wednesday, and the Senate Republicans on Tuesday, one would be forgiven for thinking that the massive data breaches experienced by customers of Target, Neiman Marcus and the hotel management chain White Lodging were serious enough to warrant two Congressional hearings (and one more to come), but not a single change to federal law.

Responding to Senate Democrats’ interest in a new federal breach notification law, which would require companies to notify people in a uniform way if their personal data was lost or stolen, Sen. Charles Grassley (R-Iowa) said, “Overnotification can lead to harm and apathy” — just moments before Sen. Dianne Feinstein (D-Calif.) told the room that she had been affected by one of the data breaches but had yet to receive any notice.

The House committee’s Privacy Working Group co-chair, Rep. Marsha Blackburn (R-Tenn.) seemed entirely unconvinced that any new legislation was necessary, suggesting that the House might only have to decide how to “take the rules on the books for the physical space and apply them to the virtual space to encourage commerce” — even though she acknowledged how concerned her constituents remained about their own security.

The Right to Know

It’s not as though these breaches are the first to affect millions of Americans and, rest assured, they won’t be the last. Data breaches are destined to join death and taxes as the third certainty in life, as a new Javelin survey this week shows. Javelin’s numbers indicate that 2013 was the second most prolific year for identity thieves in recent history, with a near-record 13.1 million Americans being affected to the tune of $18 billion — an increase of 500,000 victims over 2012.

But it’s only going to get worse for people — between the slow crawl by retailers and card issuers to make the requisite investment to replace the ubiquitous, less-secure magnetic stripe cards and readers with a fully-functional chip-and-pin smartcard system that provides a heightened level of security, and the exponential increase in the technological sophistication of hackers determined to maximize the take from their criminal activities.

Americans have the right to know when their financial lives have been put at risk by one of the many organizations that collect and maintain their data — be that medical information, personally identifying information and/or financial information. But currently, each state has a different law (if they have one at all), making notifications more difficult for especially small organizations to handle correctly — and they all require companies to reveal different things in different ways, making it hard for consumers to understand how they might or might not really be affected.

As Sen. Feinstein noted, some in the business community have been fighting against federal breach notification standards for years, even as the number of breaches and the number of Americans affected by each breach has skyrocketed. In the past two months, it’s possible that fully half of this country — or more — has been snared in one of the breaches that have made the nightly news, and those are just the ones about which we know.

But House Republicans seemed more interested in encouraging companies like Target and Neiman Marcus to participate in the Department of Homeland Security’s information-sharing system for critical infrastructure, in which companies and the government share information with each other, than legally requiring companies under federal law to share information with the consumers actually affected by the breaches.

(Notably, Homeland Security did in fact warn retailers about potential malware breaches in January, well after Target and Neiman Marcus’ – and potentially other retailers’ — customers had been affected.)

Empowering the Consumer

It’s time to stop the tired anti-government rhetoric and start dealing with the reality that people need to know when their data has been exposed to criminals so they can be on alert and take steps to mitigate the risks engendered by that exposure. Most people assume that if they do all the right things, they can protect themselves from being victims of identity theft.

But as these ongoing data breaches prove, if your data is in the wrong database at the wrong moment when the wrong person gains unauthorized access, it doesn’t matter how many credit card offers or sensitive documents you have shredded over the years: you can and very likely will be victimized by identity thieves. Without the knowledge that your personal or financial information has been exposed in a breach, you can hardly take the proactive steps needed to protect your identity or be on heightened alert for phishing scams in all their various new-fangled forms.

Once identity thieves have your information, their ability to exploit it (and you) doesn’t stop if and when your bank replaces one credit card or you change one password. It costs them little additional effort to relentlessly bombard your inbox with real-seeming emails from your supposed bank, or phone calls from your supposed utility provider, or text messages from your supposed cellphone company — and their payday can be massive if they just get one person in a hundred to click, call, reply or give up a credit card number.

But to hear Republicans talk, the real danger is that you might get too many notifications that your identity is at risk. Must be nice to be a Senator, eh?

This story is an Op/Ed contribution to Credit.com and does not necessarily represent the views of the company or its affiliates.

More on Identity Theft:

Image: BrianAJackson

Comments on articles and responses to those comments are not provided or commissioned by a bank advertiser. Responses have not been reviewed, approved or otherwise endorsed by a bank advertiser. It is not a bank advertiser's responsibility to ensure all posts and/or questions are answered.

Please note that our comments are moderated, so it may take a little time before you see them on the page. Thanks for your patience.

Credit.com receives compensation for the financial products and services advertised on this site if our users apply for and sign up for any of them.

Hello, Reader!

Thanks for checking out Credit.com. We hope you find the site and the journalism we produce useful. We wanted to take some time to tell you a bit about ourselves.

Our People

The Credit.com editorial team is staffed by a team of editors and reporters, each with many years of financial reporting experience. We’ve worked for places like the New York Times, American Banker, Frontline, TheStreet.com, Business Insider, ABC News, NBC News, CNBC and many others. We also employ a few freelancers and more than 50 contributors (these are typically subject matter experts from the worlds of finance, academia, politics, business and elsewhere).

Our Reporting

We take great pains to ensure that the articles, video and graphics you see on Credit.com are thoroughly reported and fact-checked. Each story is read by two separate editors, and we adhere to the highest editorial standards. We’re not perfect, however, and if you see something that you think is wrong, please email us at editorial team [at] credit [dot] com,

The Credit.com editorial team is committed to providing our readers and viewers with sound, well-reported and understandable information designed to inform and empower. We won’t tell you what to do. We will, however, do our best to explain the consequences of various actions, thereby arming you with the information you need to make decisions that are in your best interests. We also write about things relating to money and finance we think are interesting and want to share.

In addition to appearing on Credit.com, our articles are syndicated to dozens of other news sites. We have more than 100 partners, including MSN, ABC News, CBS News, Yahoo, Marketwatch, Scripps, Money Magazine and many others. This network operates similarly to the Associated Press or Reuters, except we focus almost exclusively on issues relating to personal finance. These are not advertorial or paid placements, rather we provide these articles to our partners in most cases for free. These relationships create more awareness of Credit.com in general and they result in more traffic to us as well.

Our Business Model

Credit.com’s journalism is largely supported by an e-commerce business model. Rather than rely on revenue from display ad impressions, Credit.com maintains a financial marketplace separate from its editorial pages. When someone navigates to those pages, and applies for a credit card, for example, Credit.com will get paid what is essentially a finder’s fee if that person ends up getting the card. That doesn’t mean, however, that our editorial decisions are informed by the products available in our marketplace. The editorial team chooses what to write about and how to write about it independently of the decisions and priorities of the business side of the company. In fact, we maintain a strict and important firewall between the editorial and business departments. Our mission as journalists is to serve the reader, not the advertiser. In that sense, we are no different from any other news organization that is supported by ad revenue.

Visitors to Credit.com are also able to register for a free Credit.com account, which gives them access to a tool called The Credit Report Card. This tool provides users with two free credit scores and a breakdown of the information in their Experian credit report, updated twice monthly. Again, this tool is entirely free, and we mention that frequently in our articles, because we think that it’s a good thing for users to have access to data like this. Separate from its educational value, there is also a business angle to the Credit Report Card. Registered users can be matched with products and services for which they are most likely to qualify. In other words, if you register and you find that your credit is less than stellar, Credit.com won’t recommend a high-end platinum credit card that requires an excellent credit score You’d likely get rejected, and that’s no good for you or Credit.com. You’d be no closer to getting a product you need, there’d be a wasted inquiry on your credit report, and Credit.com wouldn’t get paid. These are essentially what are commonly referred to as "targeted ads" in the world of the Internet. Despite all of this, however, even if you never apply for any product, the Credit Report Card will remain free, and none of this will impact how the editorial team reports on credit and credit scores.

Your Stories

Lastly, much of what we do is informed by our own experiences as well as the experiences of our readers. We want to tell your stories if you’re interested in sharing them. Please email us at story ideas [at] credit [dot] com with ideas or visit us on Facebook or Twitter.

Thanks for stopping by.

- The Credit.com Editorial Team