“Data breach prevention and response are again at the forefront of the public consciousness with the recent news of a massive data breach by Yahoo. The call for federal breach notification legislation was revived by the FTC on September 27, 2016, five days after the Yahoo breach was announced. During testimony before the U.S. Senate Committee on Commerce, Science and Transportation, the FTC reiterated “its longstanding, bipartisan call for federal legislation that would (1) strengthen its existing data security authority and (2) require companies, in appropriate circumstances, to provide notification to consumers when there is a security breach.” Just twelve days prior, John Carlin, assistant attorney general for national security at the Department of Justice, called for a unified federal breach notification law, referring to the existing spread of 47 state laws as “ridiculous.”
Yahoo reported the largest data breach to date, affecting at least 500 million user accounts. The tech giant is not alone in experiencing a significant data breach as many American companies have suffered high profile data breaches in the last couple years. In light of major hacking events becoming increasingly prevalent in the news, consumers, regulators and legislators alike are focusing more intently on data breach response and prevention standards. Earlier this year, the FTC reported receiving 490,220 identity theft complaints from consumers during 2015—a 47% year over year increase.”
Authors: Martha Wrangham, Gretchen A. Ramos, Zerina Curevac