{"id":2525,"date":"2014-02-07T00:30:35","date_gmt":"2014-02-07T00:30:35","guid":{"rendered":"http:\/\/ncjolt.org\/?p=2525"},"modified":"2020-06-04T20:53:56","modified_gmt":"2020-06-04T20:53:56","slug":"silver-linings-targets-data-breach-could-lead-to-new-consumer-protections","status":"publish","type":"post","link":"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/silver-linings-targets-data-breach-could-lead-to-new-consumer-protections\/","title":{"rendered":"Silver Linings: Target\u2019s Data Breach Could Lead to New Consumer Protections"},"content":{"rendered":"<p>For <a href=\"https:\/\/corporate.target.com\/#?lnk=fnav_t_spc_1_7\">Target<\/a> Corporation, December 2013 was an utter disaster. Just before Christmas, the company revealed that hackers had stolen personal information for as many as <a href=\"http:\/\/www.marketwatch.com\/story\/americans-under-quiet-siege-from-credit-theft-2014-02-04\">110 million<\/a> of its customers. From November 27<sup>th<\/sup> until December 15<sup>th<\/sup>, hackers accessed customers\u2019 credit and debit card numbers, names, phone numbers, mailing addresses, and email addresses. The breach was one of the largest in history.<br \/>\nUnfortunately for consumers, the Target breach was not an isolated incident (see <a href=\"http:\/\/www.washingtonpost.com\/business\/technology\/neiman-marcus-we-deeply-regret-data-breach\/2014\/01\/16\/7bd54b30-7ee8-11e3-93c1-0e888170b723_story.html\">Neiman Marcus<\/a>), and the problem will only grow in the future. Fran Rosch, a senior executive at the cyber security company <a href=\"http:\/\/www.symantec.com\/index.jsp\">Symantec<\/a>, cautions that \u201cthe threat is exploding and so are the attacks.\u201d<br \/>\nOn February 4<sup>th<\/sup>, retailers spoke before a <a href=\"http:\/\/www.reuters.com\/article\/2014\/02\/04\/us-usa-hacking-congress-idUSBREA121I620140204\">U.S. Senate panel<\/a> in the hopes of finding a solution to the problem. One possible solution <a href=\"http:\/\/www.nytimes.com\/2014\/02\/05\/business\/target-to-speed-adoption-of-european-anti-fraud-technology.html\">discussed during the panel<\/a> was the implementation of <a href=\"http:\/\/www.emvco.com\/about_emv.aspx\">EMV<\/a> systems, which are widely used in Europe to prevent credit card fraud. These systems essentially replace the magnetic stripes found on credit cards with a small chip embedded in each card. The chips are nearly impossible to counterfeit, making stolen data far less valuable.<br \/>\nRetailers have been reluctant to utilize this tool partly due to the costs of replacing their current card reading machines. However, pressure has begun to mount \u2013 from consumer groups, to credit card companies, and now the U.S. Senate.<\/p>\n<blockquote><p>Unwilling to wait for retailers to find their own solutions, the Obama administration is advocating a uniform national standard that requires businesses to quickly report thefts of electronic personal information\u2026<\/p><\/blockquote>\n<p>Unwilling to wait for retailers to find their own solutions, the Obama administration is advocating a <a href=\"http:\/\/www.mansfieldnewsjournal.com\/usatoday\/article\/5200717\">uniform national standard<\/a> that requires businesses to quickly report thefts of electronic personal information to the federal government and to consumers. Notification would allow law enforcement to \u201c<a href=\"http:\/\/www.cutimes.com\/2014\/02\/04\/justice-official-pushes-obama-cybersecurity-plan-o?t=washington\">pursue and catch<\/a> the predators.\u201d Additionally, notification would allow consumers to take preemptive action against misuse of their personal information, such as obtaining a new debit card number.<br \/>\nMany states already have notification laws, however, a &#8220;strong and consistent national requirement would simplify compliance by business while ensuring that all consumers are protected,&#8221; according to Federal Trade Commission (FTC) Commissioner Edith Ramirez. In addition to notification requirements, Ramirez would like Congress to pass a law that allows the FTC <a href=\"http:\/\/www.mansfieldnewsjournal.com\/usatoday\/article\/5200717\">greater authority<\/a> to bring cases and force businesses to adequately protect their customers. Senator Elizabeth Warren, who has questioned whether the FTC currently has adequate authority to do so, echoed this sentiment. Currently, the FTC has the power to punish \u201cunfair business practices.\u201d The FTC has <a href=\"http:\/\/www.nextgov.com\/cybersecurity\/2014\/02\/senators-launch-probe-massive-data-breaches\/78140\/?oref=ng-HPriver\">attempted to use this vaguely worded power<\/a> to go after companies for failing to secure data. However this practice has been challenged by multiple businesses, and it remains unclear whether it is legal under current law.<br \/>\nCongress should strongly consider passing legislation that requires businesses to notify consumers when breaches occur, and ought to specifically authorize the FTC to enforce it. While this type of comprehensive legislation is unlikely to come quickly or easily, the February 4<sup>th<\/sup> Senate hearing was a step in the right direction. By bringing attention to the issue, Congress and the President have not only put pressure on businesses to improve their data protection, but have also alerted the public to remain vigilant while businesses and government adapt to evolving cyber security threats.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>For Target Corporation, December 2013 was an utter disaster. Just before Christmas, the company revealed that hackers had stolen personal information for as many as 110 million of its customers. From November 27th until December 15th, hackers accessed customers\u2019 credit and debit card numbers, names, phone numbers, mailing addresses, and email addresses. The breach was <a href=\"https:\/\/journals.law.unc.edu\/ncjolt\/blogs\/silver-linings-targets-data-breach-could-lead-to-new-consumer-protections\/\" class=\"more-link\">&#8230;<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[51],"tags":[],"_links":{"self":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/2525"}],"collection":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/comments?post=2525"}],"version-history":[{"count":1,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/2525\/revisions"}],"predecessor-version":[{"id":7510,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/posts\/2525\/revisions\/7510"}],"wp:attachment":[{"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/media?parent=2525"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/categories?post=2525"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/journals.law.unc.edu\/ncjolt\/wp-json\/wp\/v2\/tags?post=2525"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}