Attorney General Holder calls for data breach disclosure law

Fred O. Williams
February 24, 2014

U.S. Attorney General Eric Holder is calling for new tools to fight cybercrime, in the wake of data breaches that have exposed personal data from tens of millions of Americans to hackers and identity thieves.

In a video address Monday, Holder urged Congress to pass a nationwide requirement for retailers and other businesses to notify customers and law enforcement when they have suffered a data breach.

"Today I'm calling on Congress to create a strong national standard for quickly alerting customers whose information may be compromised," Holder said.

Such a measure would help law enforcement investigate hacking, help consumers protect themselves, and "hold entities accountable when they fail to keep sensitive information safe," he said.

Holder cited the high-profile breaches of Target Corp. and Neiman Marcus in late 2013 that exposed payment information and other details that could be used to steal consumers' identities.  The breach at Target alone exposed card information of about 40 million consumers and the personal details, such as addresses and phone numbers, of up to 70 million.

According to the National Retail Federation, 46 states and the District of Columbia have legislation setting various standards for the disclosure of data breaches. The industry group supports replacing the state-level requirements with a national standard.

See related: Data breaches: Who's to blame, Data breaches spotlight EMV chip cards