Data Security Act of 2014 could stitch together patchwork of current regulations

But opponents are concerned it could reduce consumer right to sue

The lack of standards in data protection makes events like the Target security breach this past holiday not only difficult to prevent but nearly impossible to hold anyone accountable to. A new bill is hoping to change that, but consumer advocate warns that the bill will strip some of the rights currently enjoyed by customers burned by improper data storage.

The bill, Data Security Act of 2014, which was introduced by Sens. Tom Carper (D-Del.) and Roy Blount (R-Mo.) would seek to improve consumer safety by bringing together a number of currently incomplete laws that operate at the state level under new federal law. According to the initial filings, this bill seeks to “prevent and mitigate identity theft, to ensure privacy, to provide notice of security breaches, and to enhance criminal penalties, law enforcement assistance, and other protections against security breaches, fraudulent access, and misuse of personally identifiable information.”

But others are concerned that federal regulations would reduce the consumer’s ability to sue after a security incident. Following the Target breach multiple class actions lawsuits were set up to recoup losses associated with compromised credit cards and debit accounts. This would no longer be a viable recourse with the inaction of the bill, says consumer attorney Jere Beasley of Montgomery, Ala.

"This legislation is designed, really, to hurt consumers. It prohibits, for example, private lawsuits. It prohibits class actions. It says you cannot sue under state law, even though the credit card companies and the hackers and everybody else may be violating state law," Beasley, told  TV station WFSA. "This act says specifically that you—a victim—cannot file a lawsuit under state law, and that is absolutely mind-boggling."

While other data security provisions like the Senator Patrick Leahy, (D-Vt.) backed Personal Data Privacy and Security Act, are still on the table as a possible solution to the increasing need for information oversight, as of yet there is alarmingly little movement to regulate the space holistically.

Managing Editor

author image

Chris DiMarco

Chris DiMarco, Managing Editor of InsideCounsel magazine, has a background in multimedia production with previous involvement in projects in which he developed and created content for...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.