Massive cyber threat gives a sense of urgency to long-stalled legislation.
WASHINGTON – Computer hackers’ massive theft of customer data from Target Corp. could break a near-decade-long congressional gridlock over proposals to better protect credit and debit card information.
Hearings in February will examine not only the details of how cyber thieves stole the information but also several bills to protect consumers and punish criminals.
“With a theft of this magnitude, it will change the dynamics,” said U.S. Sen. Amy Klobuchar, D-Minn. “We have to figure out something that’s actually going to be able to move the ball here and stop some of this theft.”
For years, legislative efforts to codify such things as data protection and disclosure of information theft have languished in committees because of disagreements about how far regulations should reach. It’s possible those rifts could re-emerge in the bitterly partisan Congress, but for now some members see a new sense of urgency.
To avoid a repeat of the Target breach, which exposed data from as many as 110 million customers, legislators are looking at a three-pronged approach. It would require technology improvements that make credit and debit cards more secure, provide enhanced charges and penalties for those who steal data, and set stricter rules for reporting security breaches.
The Senate has four data security proposals that many in the chamber believe could be combined into a single bill that would win approval and go to the House.
The House has several cyber security bills and one breach notification bill.
Minnesota Democratic Sen. Al Franken co-sponsored the most detailed of the Senate plans, and Klobuchar supports it. Both believe the Target theft will finally secure a vote on a bill dealing with the protection of personal information.
“I can’t imagine that it wouldn’t,” Franken said, “because this is one of the biggest breaches in history.”
Three of the Senate bills aim to set minimum standards for protection of information and disclosures of data thefts.
One of those bills, offered by Sen. Patrick Leahy, D-Vt., and backed by Franken and Klobuchar, would expand the kinds of criminal charges and the length of prison sentences federal prosecutors may seek for those who steal personal information.
The bill would also make businesses comply with data “safeguards” set by the Federal Trade Commission and require companies to have data protection systems “appropriate to the size and complexity” of their operations.
Finally, the bill would require agencies and businesses “to notify any U.S. resident whose information has been accessed or acquired without unreasonable delay after the discovery of a security breach.”
The fourth Senate bill calls for “development of a voluntary, industry-led set of standards and procedures” to reduce the risk of cyber crime.
Franken recently wrote letters to major U.S. credit and debit card companies asking them why chip and personal ID number technology, which makes cards more secure and is widely employed in Europe, is not used in the United States.
“Because we don’t [use the technology], we’re clearly being targeted by hackers domestic and overseas. This is organized crime now,” Franken said. He noted that the United States conducts a quarter of the world’s credit and debit card transactions but suffers half the world’s card fraud.
Target CFO to testify
The Senate Judiciary Committee — which includes both Franken and Klobuchar and is chaired by Leahy — will question the chief financial officer of Target, John Mulligan, at a Feb. 4 hearing.