Further, in an attempt to recognize companies who suffer data breaches as victims, the letter references several times the theft of financial payment information, noting that “the failure of the payment cards themselves to be secured by anything more sophisticated than an easily-forged signature makes the card numbers particularly attractive to criminals and the cards themselves vulnerable to fraudulent misuse. Better security at the source of the problem is needed.” President Obama recently announced a new initiative aimed at making financial transactions more secure through “chip and pin” technology.
While the letter does call for national regulation of data breach notification, it does include the caveat that “Congress should act to standardize reasonable, timely notification of sensitive data breaches.” Nonetheless, many sectors would now welcome a federal breach notification standard as a less costly alternative to complying with the patchwork of different state laws currently in place.
Congress is unlikely to act on data security and breach notification during the lame duck session; however, given House Republicans’ interest in this issue in past months, we could see a resurgence of data security legislation in the Republican-controlled 114th Congress.