Consumer group calls for comprehensive cybersecurity legislation in 2014
The National Consumers League issued a report Monday detailing the impact hundreds of major data breaches last year have had on consumer confidence and the economy and started an online petition calling on the Obama administration and Congress to abandon the government’s hands-off approach to setting security standards and pass tougher cybersecurity and data breach notification laws this year.
The report comes as NCL unveils its #DataInsecurity Project to raise awareness of the 614 data breaches in the U.S. in 2013 that led to more than 500 million identities being compromised.
“Hackers are having a field day at consumers’ expense. This is because businesses and other organizations that collect consumer data haven’t made data security a high enough priority,” NCL said in a statement accompanying its online petition for comprehensive cybersecurity legislation.
The NCL is calling for legislation that would require businesses that collect consumer data to institute reasonable data security procedures, although it does not spell out what would constitute a reasonable procedure. Likewise, NCL wants Congress to pass a national data breach notification standard “modeled after strong state laws like California’s.” The petition also calls on Congress to grant the Federal Trade Commission the authority to protect consumer data and create strong data protection rules.
John Breyault, NCL’s vice president of public policy, telecommunications and fraud, said the recent spate of high-profile data breaches involving major retail outlets was “a real tipping point” in the debate over who should be held accountable for protecting consumer identity information and the role of government in online security.
“Given the increasing scope and cost of consumer data breaches, it is clear to us that a hands-off approach by the government is not working well enough,” Breyault said. Identity fraud has topped the complaints list to the FTC for 14 years straight, he said.
In a new report that surveyed identity fraud victims in four major metropolitan areas, 61 percent of data breach victims surveyed reported that the breached information was used to commit fraud against them. And nearly half of victims — 49 percent — do not know where the information used to defraud them was compromised.
According to the report, the consequences of consumer fraud have a serious ripple effect throughout the economy. “Fraud victims report losing trust in the businesses where their data was compromised,” the report states. For example, 59 percent of respondents whose data was breached at a retailer expressed “significantly decreased” trust in retailers who failed to protect their information.
Al Pascual — senior analyst of fraud and security at Javelin Strategy and Research, which conducted the study for NCL — said the relationship between data breaches and identity fraud has “grown stronger” every year for the past five years. “There is an undeniable connection between data breaches and fraud,” Pascual said.