One of America's biggest retailers and the king of big-box stores, Target, made headlines during the height of the holiday season --- the company had fallen victim to cyber thieves, affecting the data of millions and millions of customers. A few weeks later, luxury retailer, Neiman Marcus announced that it, too, had succumbed to a security breach during four months in 2013 in which a million customers had their credit card data breached too. It seemed to be the worst kind of news for companies, potentially jeopardizing their reputation, and, even worse for customers that rely on security from the major retailers they patronize.
While it seems unlikely that a retailer would want more “heavy-handed” regulations from the government, the National Journal reports that retailers are asking Congress to require them to notify customers when shoppers' information has been put at risk. Supporters of a unified regulation contend would this make things easier for companies, but it would also be easier for firms to serve their customers better by giving businesses a quick and comprehensive way to address hacks. The idea of such a regulation is gaining traction in the beltway and quickly. In fact, Rep. Lee Terry, the chairman of the House Commerce, Manufacturing, and Trade Subcommittee, has planned a data-security hearing, featuring testimony from a Target executive, as early as next month,
In the Senate, Judiciary Committee Chairman Patrick Leahy introduced a data-breach bill earlier this month, with the support of fellow Democratic Sens. Chuck Schumer, Al Franken, and Richard Blumenthal. Leahy, who has backed similar legislation since 2005, said he also plans to hold a hearing on the issue. However, it could be a measure Republicans may not easily support with the idea that such a regulation would be “just another nanny-state” intrusion, and a measure that wrecks of anti-business.
Mary Bono, a former Congresswoman from California, and a Republican who is now a data security advisor for FaegreBD Consulting says the move is not “anti-business” but rather “pro-business.” “It's sort of counterintuitive," she said. Before losing her last election in 2012, Bono had pushed for a similar regulation but it was never able to gain much ground.
After the Target breach was made public, Connecticut Senator Richard Blumenthal urged the Federal Trade Commission to investigate the company’s security practices.
“Customers of companies have a right to expect that their private information will be properly safeguarded and secured,” he told The Hill earlier this month. “The failure to take those steps is not only a violation of trust but also potentially of law."
FTC Commissioner Maureen Ohlhausen also told The Hill the recent high-profile breaches could fuel a national conversation.
“Any time that there is a data breach from a well-known company that impacts a lot of consumers, it brings more attention and more energy to the issue,” the Republican commissioner said. The National Journal reports though The Federal Trade Commission has claimed that it already has the power to go after companies for inadequate data security under its authority to police "unfair" business practices. But the Wyndham Hotel chain and the medical laboratory LabMD have challenged the FTC's actions against them, and the federal courts could decide to strip the FTC of its power in the area.