Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


Data Security Act of 2014 could stitch together patchwork of current regulations

But opponents are concerned it could reduce consumer right to sue

The lack of standards in data protection makes events like the Target security breach this past holiday not only difficult to prevent but nearly impossible to hold anyone accountable to. A new bill is hoping to change that, but consumer advocate warns that the bill will strip some of the rights currently enjoyed by customers burned by improper data storage.

The bill, Data Security Act of 2014, which was introduced by Sens. Tom Carper (D-Del.) and Roy Blount (R-Mo.) would seek to improve consumer safety by bringing together a number of currently incomplete laws that operate at the state level under new federal law. According to the initial filings, this bill seeks to “prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.”

But others are concerned that federal regulations would reduce the consumer’s ability to sue after a security incident. Following the Target breach multiple class actions lawsuits were set up to recoup losses associated with compromised credit cards and debit accounts. This would no longer be a viable recourse with the inaction of the bill, says consumer attorney Jere Beasley of Montgomery, Ala.

"This legislation is designed, really, to hurt consumers. It prohibits, for example, private lawsuits. It prohibits class actions. It says you cannot sue under state law, even though the credit card companies and the hackers and everybody else may be violating state law," Beasley, told  TV station WFSA. "This act says specifically that you—a victim—cannot file a lawsuit under state law, and that is absolutely mind-boggling."

While other data security provisions like the Senator Patrick Leahy, (D-Vt.) backed Personal Data Privacy and Security Act, are still on the table as a possible solution to the increasing need for information oversight, as of yet there is alarmingly little movement to regulate the space holistically.

Executive Editor

author image

Chris DiMarco

Chris DiMarco, Executive Editor of InsideCounsel magazine, has a background in multimedia production with previous involvement in projects in which he developed and created content...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.