Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
The massive cyberattack against Equifax Inc. that compromised highly sensitive data on over 40 percent of the U.S. population may push Congress to pass a national data breach notification law, but a quick fix is unlikely, cybersecurity professionals and attorneys told Bloomberg BNA.
House committees, including the Judiciary Committee, Financial Services Committee, and Energy and Commerce Committee, announced Sept. 8 they will hold hearings in the near future on the breach and whether to adopt a federal notice law.
Companies facing a data breach must deal with separate breach notification laws in 48 states and the District of Columbia. Bills to create a single federal data breach notice standard to preempt the state law patchwork have been introduced without success in Congress since 2003, with interest peaking after major breach events. Whether the Equifax breach will spark a different result remains to be seen.
U.S. credit bureau Equifax announced Sept. 8 that it discovered a large-scale data breach July 29 that affected 143 million consumers. Equifax raked in $3.15 billion in fiscal year 2016 revenue, Bloomberg data show.
After the Target Corp. 2013 breach, the Sony Pictures Entertainment Inc. 2014 breach, and the Home Depot Inc. 2014 breach, lawmakers and industry stakeholders pushed for a national data breach notification standard, saying it was needed to relieve corporate compliance burdens and provide clarity to consumers after an attack. Congress held hearings on the breaches and new legislation was introduced each time.
The Equifax data breach is eliciting a similar response from Congress.
Co-chairman of the Congressional Cybersecurity Caucus Rep. Jim Langevin (D-R.I.) told Bloomberg BNA that he plans to offer a bill that would require “a national data breach notification standard.” Congress will “investigate these issues further,” he said.
Lawmakers reignited the debate on a federal data breach notification standard. House Majority Leader Kevin McCarthy (R-Calif.), Reps. Maxine Waters (D-Calif.) and Ted Lieu (D-Calif.), and Sens. Mark Warner (D-Va.) and Ron Wyden (D-Ore.), all made public statements in support of a national data breach notice standard and further cybersecurity legislation.
Wyden told Bloomberg BNA Sept. 8 that a national breach notice law would help make companies accountable for breaches.
House Judiciary Committee Chairman Bob Goodlatte (R-Va) told Bloomberg BNA that his committee would address the delay in notification after Equifax discovered the breach.
The U.S. will eventually “reach a tipping point,” where the size of a data breach, consumers’ responses to the incident, the political will of lawmakers, and corporate interests will intersect to effectuate a national standard, Evan Wolff, privacy and cybersecurity partner at Crowell & Moring LLP in Washington, told Bloomberg BNA. But a quick legislative result based on the Equifax breach is unlikely, he said.
But others say there is a heightened cybersecurity threat awareness that may make passing legislation more likely now.
The Equifax breach may be “the warning short heard around the world,” Peter Tran, general manager and senior director in the Worldwide Advanced Cyber Defense Practice at RSA Security in Boston, told Bloomberg BNA.
Paige Schaffer, president and chief operating officer of Generali Global Assistance’s identity and digital protection services global unit, told Bloomberg BNA that a breach of Equifax’s scale poses “a real threat to our economic security.”
Ultimately, the complexity of cybersecurity and breach notice issues may make it difficult for lawmakers to pass legislation.
The variety of different kinds of sensitive data, including financial, health, trade secret, and children’s information, may “prove to be far too cumbersome” to adopt a national standard, Steven S. Rubin, partner at Moritt Hock & Hamroff LLP in Garden City, N.Y. and co-chairman of the firm’s cybersecurity practice group, told Bloomberg BNA.
Representatives for Equifax didn’t immediately respond to Bloomberg BNA’s email request for comments.
To contact the reporter on this story: Daniel R. Stoller in Washington at firstname.lastname@example.org
To contact the editor responsible for this story: Donald Aplin at email@example.com
Copyright © 2017 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to email@example.com.
Put me on standing order
Notify me when new releases are available (no standing order will be created)