BreachExchange mailing list archives

Retailers demand data breach laws


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Thu, 6 Nov 2014 19:56:10 -0700

http://thehill.com/policy/cybersecurity/223236-retailers-demand-data-breach-laws

Retailers are calling on Congress to take action to prevent hackers from
stealing data, arguing lawmakers should pass legislation that imposes a
uniform, federal standard for rules regarding breaches.

The coalition of groups calling for action includes national and state
retail associations as well as hotels, grocery stores and petroleum sellers.

“Congress should act to standardize reasonable, timely notification of
sensitive data breaches whenever and wherever they occur,” the letter said.

Industry groups have argued a patchwork of 47 separate state-based
standards has caused significant confusion. Notification standards also
vary by industry.

“Given the breadth of these invasions, if Americans are to be adequately
protected and informed, any legislation to address these threats must cover
all of the types of entities that handle sensitive personal information,”
the letter said.

While a number of Democratic lawmakers have advocated data breach
legislation, Republicans have not been as assertive.

Rep. Lee Terry (R-Neb.), defeated in Tuesday’s midterm elections, was one
of his party’s few prominent voices. He tried unsuccessfully to use his
platform as chairman of the House subcommittee on commerce, manufacturing
and trade to get a data breach measure introduced.

There is general consensus that federal standards are needed on data breach
notifications.

More contentious is the level of data security a bill should require of
companies, and how much authority the government would have to enforce
those standards.

“Security gaps left unaddressed will quickly be exploited by criminals,”
the letter said, citing the continued use of the vulnerable magnetic strip
on payment cards.

Fallible magnetic strips were behind the massive data breaches at Target
and Wal-mart.

By October 2015, banks, credit card companies and retailers have all agreed
to switch to more reliable chip-enabled technology, which uses an embedded
microchip in payment cards to encrypt each transaction.

Chip-based cards also require a second form of authentication, either a
signature or PIN number.

The government has pledged to transition to chip-and-PIN cards, seen as
less susceptible to hacks.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/