Over the holiday season major U.S. retailers were hit by a massive security breach which lead to data of millions of customers being compromised. The Target hack alone compromised data, including but not limited to credit and debit card numbers, of more than 70 million people. While the retailer has offered them an olive branch and is helping out in investigations being carried out by the Secret Service and the Department of Justice, some critics hold the view that Target should have done more, particularly when it came to notifying everyone. Today the U.S. Attorney General Eric Holder has called on Congress for a law on quick declaration of data breaches.
The proposed legislation would, in theory, bolster the Justice Department’s ability to “combat crime, ensure individual privacy and prevent identity theft,” while also bringing cybercriminals to justice. This legislation would exempt firms from having to report low-risk breaches, but its going to be tough on the firms that don’t swiftly send out an alert when a large scale data breach occurs or those who haven’t done enough to protect data. Since 45 states already have similar laws in place, its not that this legislation is absolutely critical to curtail the menace of cybercrimes. However, what it will do is create a national standard that holds corporations accountable for alerting consumers when there has been a data breach.