A hearing today on Capitol Hill marked the fourth time this year that the US Senate has taken up the issue of data breaches, and how to prevent our personal information from being stolen.
The issue has gained national attention with computer system intrusions at Target, Neiman Marcus, TJ Maxx, and other retailers.
And while lawmakers sound resolved to take action, there’s been more talking than doing so far.
No law can be a cure-all, says US Senator Tom Carper (D-Del.), “but we owe it to our consumers, we owe it to our taxpayers, we owe it to businesses and other entities that have been and will be victims of breaches to put into place the best system possible to deal with this growing threat.”
Carper, chairman of the Committee on Homeland Security and Governmental Affairs, also heard from the head of the Federal Trade Commission, Edith Ramirez.
“It’s clear that companies are not investing adequately in the area of data security, and that more needs to be done,” she said.
She suggests giving the FTC power to fine companies that don’t comply with security standards.
But those standards are themselves a problem, with a cybersecurity expert testifying that the patchwork of state laws drains resources from the places we count on to keep our credit cards and similar information secure.
“I think it’s really important that they can reinvest their dollars that they’re spending in compliancy today, and actually put it into information security protection,” said Tiffany Jones, a senior vice president with the cyberthreat intelligence firm iSight Partners.
Carper and Sen. Roy Blunt (R-Mo.) have introduced the Data Security Act of 2014.
“It would require a national standard for entities that collect sensitive personal information,” says Carper. “It would require these entities to enact a cohesive plan for preventing and responding to data breaches, plans that would detail steps that will be taken to protect information, investigate breaches, and notify consumers.”
Tim Pawlenty, the former governor of Minnesota, now heads the Financial Services Roundtable, a banking industry lobbying group.
“At a minimum, we hope that the Senate, and the Congress more broadly, would take action promptly on the national data breach notification laws,” he said. “That will help in terms of the response to incidents. But we also should realize that is just one step, and an incomplete step. We also need to do all that we can to be better prepared and more resilient on the prevention side.”