ICFE eNEWS #16-38 - November 3rd 2016
View this eNEWS online

Is it time for a national data breach notification law?
Part 2 - What do consumers think?

By Yan Ross, Director of Special Projects, ICFE

Just three months ago, ICFE's newsletter on this topic concluded that there was little likelihood that a national breach notification law would be adopted during the current session of Congress. While that is still true, it now appears that there has been some increase among consumers in the perceived need for such a law.

It's not apparently a partisan issue, either. Even during a period fraught with political activity, a recent survey shows there is widespread support for a single national standard for data breach notification. Some 86 percent of those surveyed favor such a standard for companies to notify customers of a data breach rather than the current patchwork of state laws.

The survey was conducted by the organization Public Opinion Strategies and results were reported to the U.S. Chamber Institute for Legal Reform's annual summit last week. Further, this concern cuts across the partisan spectrum: 77 percent of Independents, 83 percent of Republicans and 93 percent of Democrats indicate favor for a national policy.

Additional points of interest in the report include the following:

• The vast majority think data breaches are inevitably going to affect major companies. Seventeen percent say that it is "inevitable," while another 63 percent say it will "probably" happen. Only 16 percent say that data breaches will only happen to companies which are negligent or incompetent in handling this information.

• Some 84 percent, support reining in investigations and lawsuits by ensuring that we have consumer protection laws that specifically address data privacy, and not allow government regulators and lawyers to rely on older laws. A mere 11 percent oppose this proposal.

• Those polled say that companies who make investments up-front in cyber-security but still suffer a database breach should not be sued (70 percent).

• Three-quarters say that companies which respond afterward by quickly notifying its customers, providing free credit monitoring, and fixing the security problems in its systems also should not be sued.

• Nearly 70 percent, say that they would "limit class action lawsuits to people who have personally suffered identity theft, fraudulent activity in bank or credit card accounts or other financial harm." Exposure would not constitute harm, therefore.  

According to the report, "The survey clearly demonstrates overwhelming and consistent support for policies to reform how data breaches are handled in legal proceedings and by government regulators."

But the survey only covered voters, not industry or interest group voices. Action is by no means assured, as there are still a broad variety of participants in the process wishing to be heard to the contrary. Among them are certain industry groups, States-rights advocates, and even consumer protection spokespersons, all with their own versions of why the current patchwork may actually serve the interests of consumers most efficiently.

Accordingly, the remaining question is whether the federal government will take action in response to this independent report. The new Congress coming into office in 2017 may have a different set of priorities than the outgoing 115th.

ICFE will stay tuned to these developments, so watch for future reports.

The ICFE's Certified Identity Theft Risk Management Specialist ® XV CITRMS® course is now available both in printed format and online.

The Textbook and Desk Reference edition of the course book is also available online. Bulk pricing and discounts for veterans and students available. Inquire at yan.ross@icfe.info

Yan Ross is ICFE's Director of Special Projects, and the author of the Certified Identity Theft Risk Management Specialist ® XV CITRMS® course. As an accredited educator for over 20 years, he has addressed Identity Theft Risk Assessment and management for consumers, organizations holding personally identifiable information, and professionals who work with individuals and organizations who are at risk of falling victim to identity thieves.

ICFE eNEWS is available FREE upon request by visiting the ICFE's Web site and filling out the contact form, selecting "Yes" for "Add to Mailing List." Please pass this eNEWS on to your peers and interested others and invite them to subscribe for free. Also, visit the ICFE's new Web site: StudentDebtHelp.org

Sent by:

Paul S. Richard
President - Executive Director
Institute of Consumer Financial Education (ICFE)

ICFE - Institute of Consumer Financial Education - ICFE.info - 619.239.1401