U.S. Attorney General Eric Holder said Congress should require businesses to tell customers promptly after hackers steal information
In a video address Monday, Holder urged Congress to pass a nationwide requirement for retailers and other businesses to notify customers and law enforcement when they have suffered a data breach.
“Today I’m calling on Congress to create a strong national standard for quickly alerting customers whose information may be compromised,” Holder said.
Such a measure would help law enforcement investigate hacking, help consumers protect themselves, and “hold entities accountable when they fail to keep sensitive information safe,” he said.
Holder cited the high-profile breaches of Target Corp. and Neiman Marcus in late 2013 that exposed payment information and other details that could be used to steal consumers’ identities. The breach at Target alone exposed card information of about 40 million consumers and the personal details, such as addresses and phone numbers, of up to 70 million.
According to the National Retail Federation, 46 states and the District of Columbia have legislation setting various standards for the disclosure of data breaches. The industry group supports replacing the state-level requirements with a national standard.
See related: Data breaches: Who’s to blame, Data breaches spotlight EMV chip cards