Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


Big retailers want more regulation in the wake of breaches

Retailers are asking Congress to require them to notify customers when shoppers' information has been put at risk

One of America's biggest retailers and the king of big-box stores, Target, made headlines during the height of the holiday season --- the company had fallen victim to cyber thieves, affecting the data of millions and millions of customers.  A few weeks later, luxury retailer, Neiman Marcus announced that it, too, had succumbed to a security breach during four months in 2013 in which a million customers had their credit card data breached too. It seemed to be the worst kind of news for companies, potentially jeopardizing their reputation, and, even worse for customers that rely on security from the major retailers they patronize.

While it seems unlikely that a retailer would want more “heavy-handed” regulations from the government, the National Journal reports that retailers are asking Congress to require them to notify customers when shoppers' information has been put at risk. Supporters of a unified regulation contend would this make things easier for companies, but it would also be easier for firms to serve their customers better by giving businesses a quick and comprehensive way to address hacks. The idea of such a regulation is gaining traction in the beltway and quickly. In fact, Rep. Lee Terry, the chairman of the House Commerce, Manufacturing, and Trade Subcommittee, has planned a data-security hearing, featuring testimony from a Target executive, as early as next month,

In the Senate, Judiciary Committee Chairman Patrick Leahy introduced a data-breach bill earlier this month, with the support of fellow Democratic Sens. Chuck Schumer, Al Franken, and Richard Blumenthal. Leahy, who has backed similar legislation since 2005, said he also plans to hold a hearing on the issue. However, it could be a measure Republicans may not easily support with the idea that such a regulation would be “just another nanny-state” intrusion, and a measure that wrecks of anti-business. 

Mary Bono, a former Congresswoman from California, and a Republican who is now a data security advisor for FaegreBD Consulting says the move is not “anti-business” but rather “pro-business.” “It's sort of counterintuitive," she said. Before losing her last election in 2012, Bono had pushed for a similar regulation but it was never able to gain much ground.

After the Target breach was made public, Connecticut Senator Richard Blumenthal urged the Federal Trade Commission to investigate the company’s security practices.

“Customers of companies have a right to expect that their private information will be properly safeguarded and secured,” he told The Hill earlier this month. “The failure to take those steps is not only a violation of trust but also potentially of law."

FTC Commissioner Maureen Ohlhausen also told The Hill the recent high-profile breaches could fuel a national conversation.

“Any time that there is a data breach from a well-known company that impacts a lot of consumers, it brings more attention and more energy to the issue,” the Republican commissioner said. The National Journal reports though The Federal Trade Commission has claimed that it already has the power to go after companies for inadequate data security under its authority to police "unfair" business practices. But the Wyndham Hotel chain and the medical laboratory LabMD have challenged the FTC's actions against them, and the federal courts could decide to strip the FTC of its power in the area.

Related reading: 

Inside: Establishing a Data Governance Committee as part of 2014 strategic priorities

Survey shines light on issues with healthcare communications

Adoption of cloud-based tools on the rise in legal industry

Contributing Author

author image

Alexis Harrison

Alexis Harrison is a Connecticut-based writer and public relations professional whose career spans both print journalism and broadcast news. Alexis started her professional life as...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.