Attorney General Testifies in D.C. Calling for Comprehensive Legislation to Address Epidemic of Data Breaches
WASHINGTON â€“ Illinois Attorney General Lisa Madigan today testified before the U.S. House of Representativesâ€™ Subcommittee on Commerce, Manufacturing and Trade about her investigations into widespread data breaches reported by retailers in recent months, whichÂ have affected millions ofÂ American consumers. Madigan called on Congress to immediately take steps at the federal level to better protect consumersâ€™ personal information.
â€œOver the past decade, we have faced an epidemic of data breaches that has affected almost every American and has inflicted billions of dollars of damage to our economy,â€ Madigan said. â€œThe recent breaches have served as a wakeup call that government and the private sector need to take serious, meaningful action to curb this growing threat to our financial security.â€
Madigan testified earlier today on Capitol Hill in a hearing titled â€œProtecting Consumer Information: Can Data Breaches Be Prevented?â€ Madigan and the Connecticut Attorney Generalâ€™s Office are currently leading a multistate investigation into the recent Target, Neiman Marcus and Michaels Stores breaches.
Madigan said the epidemic of data breaches has grown over the past decade, now affecting almost every American consumer and inflicting billions of dollars of damage to the U.S. economy. Since 2005, there have been over 4,000 data breaches nationally and 733 million records compromised.
In response, the Attorney General has launched numerous investigations into whether businesses and health care companies are adequately protecting consumersâ€™ data. In 2005, her office worked to enact a state law to require companies to promptly notify their customers of data breaches to ensure consumers know when their sensitive data has been compromised. In 2006, she launched her officeâ€™s Identity Theft Unit, which staffs a statewide hotline (1-866-999-5630) to provide one-on-one assistance to victims of identity theft and data breaches. After receiving more than 40,000 requests for assistance, the ID Theft Unit has helped reverse more than $26 million worth of fraudulent charges on consumersâ€™ accounts.
Madigan said past investigations into data breaches by her office have indicated that companies have repeatedly failed to take basic steps to protect Illinois consumersâ€™ information maintaining consumer data withoutÂ encryption,Â failing to install updated security patches for knownÂ software vulnerabilities and retaining data longer than necessary.
The Attorney General urged Congress to take action to better protect American consumers by adopting federal standards that, while not preempting state law, will require companies to:
- Adopt reasonable data security practices;
- Only collect information from consumers that is necessary for legitimate business needs;
- Delete consumer data as soon as it is no longer needed; and
- Notify consumers in a timely manner when a data breach occurs.
Madigan also called on members of the subcommittee to authorize a federalÂ agency to investigate large, sophisticated data breaches, akin to the National Transportation Safety Board’s role in aviation accidents.
For more information, read Attorney General Madiganâ€™s written testimony from the hearing.