National Consumers League adds Identity Theft Resource Center ‘Live-Chat’ to Fraud.org to help identity crime victims

/in , , , , , , , , , , /by

December 13, 2022

Media contact: National Consumers League – Katie Brown, katie@nclnet.org, 202-823-8442

WASHINGTON, D.C. – Today, the National Consumers League (NCL), the nation’s oldest consumer advocacy organization, and the Identity Theft Resource Center® (ITRC), a nationally recognized nonprofit organization established to support victims of identity crime, are partnering up to help victims of identity crimes.

NCL integrated the ITRC’s live-chat function into fraud.org, a project of the NCL to give consumers the information they need to avoid becoming victims of telemarketing and internet fraud. The ITRC live-chat function on fraud.org will help assist victims of identity crimes related to data breaches, identity theft and identity fraud. It will also provide people with another resource during the holiday shopping season when there is an increased risk of identity crimes. According to Forbes, Adobe predicts a 2.5 percent growth in online sales from November 1-December 31, when identity criminals may look to take advantage of increased online activity.

The ITRC’s staff of identity advisors provides preventative information and customized plans to address all types of identity concerns. ITRC advisors assist victims live during business hours or through direct follow-up when contacted after hours and on weekends.

“NCL is always looking for new ways to reach consumers and better protect them from fraud,” said John Breyault, Vice President of Public Policy, Telecommunications, and Fraud at NCL. “By increasing the number of options that individuals can use to contact us, we can help a greater number of people. Thanks to ITRC, consumers with differing accessibility needs, levels of phone service, and communication preferences will find it easier to get in touch with a fraud expert.”

“The NCL and ITRC have a long history of mutual respect and shared commitment to victims of identity crimes,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “Adding the NCL to the group of organizations and government agencies using live-chat to help victims continues our fight for small businesses and consumers to protect them from identity criminals. We believe giving more people direct access to our live identity experts – at no cost – will help prevent identity fraud and provide the support needed to recover from these crimes.”

NCL is the third organization the ITRC has partnered with to integrate the ITRC live-chat function on its website. Earlier in 2022, the ITRC embedded its chat into the San Diego District Attorney Office and New Mexico Office of the Attorney General websites.

Since the ITRC’s chat function was launched on fraud.org, three (3) percent of the ITRC’s total cases have come from its website. Implementing the ITRC’s live-chat function provides victims access to support when it is convenient and in a manner people often prefer – a live-chat rather than a phone call. ITRC advisors will:

  • Ask what happened
  • Ask a series of questions to help determine the scope of the problem
  • Provide a victim or curious consumer with a detailed, custom plan of action steps to take

Currently, most ITRC cases from fraud.org involve scams, primarily lottery and prize scams (mostly about criminals pretending to be Publisher’s Clearing House representatives) and existing account takeover of a bank or credit card account.

The ITRC is committed to providing access to everyone seeking help. Read about the Center’s accessibility initiative here. Anyone can contact an advisor by visiting www.idtheftcenter.org or calling toll-free at 888.400.5530.

About the National Consumers League (NCL)

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit https://nclnet.org.

About the Identity Theft Resource Center  

Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat idtheftcenter.org  and toll-free phone number 888.400.5530. The ITRC also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified. The ITRC offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities.

National Consumers League urges Congress to strengthen Bipartisan Privacy Bill

/in , , , , , , /by

June 17, 2022

Media contact: National Consumers League – Katie Brown, katie@nclnet.org, (202) 207-2832 

WASHINGTON, D.C. – The National Consumers League is encouraged by the bipartisan, bicameral American Data Privacy and Protection Act (“ADPPA”), a long-overdue step to protect the privacy and security of consumers’ personal information. However, there remain some concerns that must be addressed to ensure that the bill provides basic consumer remedies for failure to comply with the rules of the road and preserve the best aspects of the privacy laws that are already in place in the states.

“The lack of a comprehensive data protection law has left Americans at the mercy of criminal hackers who are making billions of dollars stealing consumers’ personal data,” said NCL Executive Director Sally Greenberg. “At the same time, many companies have built their business models on the collection of sensitive data that exacerbates existing inequities in our economy.”

NCL has long pushed for stronger protections for consumer data. In 2011, NCL supported a bill to regulate the use of sensitive location data. In the wake of the Target data breach in 2013, NCL launched the #DataInsecurity Project to raise awareness about how the lack of data security standards increases the risks to consumers of identity fraud and other scams. Most recently, NCL released a genetic privacy reform roadmap detailing actions Congress, the Biden administration and industry could take to protect consumers’ genetic data.

NCL shares the concerns about the ADPPA raised by privacy and consumer advocates. Importantly, we believe that the bill’s private right of action provisions should be strengthened and a prohibition on mandatory binding arbitration clauses should be included in the legislation.

In addition, NCL supports allowing states with strong privacy and data security laws to preserve those provisions where they provide additional consumer protections.  NCL also supports preserving the Federal Communication Commission’s role in regulating the privacy practices of common carriers. Given the bill’s proposal to expand the role of the Federal Trade Commission in protecting consumer data, Congress must ensure that the FTC has the resources it needs to be effective in that role.

“We applaud members of Congress for putting forward a bipartisan bill to provide comprehensive privacy and security protections,” said John Breyault, NCL’s Vice President of Public Policy, Telecommunications and Fraud. “Compromises by all sides in this debate have led us to this moment. There is much promise in this legislation, but key consumer protections need to be addressed before the bill moves forward.”

###

About the National Consumers League (NCL) 

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

New York ticketing legislation is a victory for fans

/in , , , /by

June 9, 2022

Media contact: National Consumers League – Katie Brown, katie@nclnet.org, (202) 207-2832

Washington, DC— The National Consumers League (NCL) applauded the New York State Assembly for approving S.B. S9461, landmark consumer protection legislation that makes New York the first state to require all-in pricing of live event tickets. The bill also requires ticket brokers to disclose how much was originally paid for a ticket when they resell a ticket, prohibits the resale of tickets that were originally offered for free, and prohibits “print-at-home” fees.

“Fans in New York are the real winners from this bill,” said John Breyault, Vice President of Public Policy, Telecommunications, and Fraud at the National Consumers League. “Hidden fees and outrageous markups are some of consumers’ biggest pain points when it comes to buying tickets. While this bill will not solve every problem within the ticketing industry, getting rid of hidden fees addresses one of fans’ biggest complaints.”

A 2018 Government Accountability Office (GAO) report found that on average, consumers paid an extra 27% of the ticket’s original cost in fees. Media reporting has found instances where hidden fees were 78% of the fare’s starting price.

“Ticketing companies have long known that all-in pricing was a better solution for consumers, but they hesitated to provide it for fear of losing market share to competitors who hid their fees,” said Breyault. “That is the definition of market failure, which the New York bill fixes. We urge other states and the U.S. Congress to follow New York’s example and enact similar legislation.”

NCL applauded, in particular, the leadership of New York Senator James Skoufis whose investigative report on the ticketing industry was an important catalyst for this legislation.

“Senator Skoufis championed this important bill in the face of intense industry opposition and made sure it didn’t get watered down,” said Breyault. “Fans in New York will benefit immensely from his leadership.”

###

About the National Consumers League (NCL) 

The National Consumers League, founded in 1899, is America’s pioneer consumer organization. Our mission is to protect and promote social and economic justice for consumers and workers in the United States and abroad. For more information, visit www.nclnet.org.

 

How you should respond to the security threat likely inside your computer

/in , , , , /by

Nearly two years ago, researchers revealed flaws in the chips of virtually every computer made since the mid-1990’s. The flaws—primarily found in Intel’s chips—create a vulnerability that can be exploited by allowing hackers to obtain unauthorized access to privileged information.


Since the initial exploits were first exposed, new versions have continued to be discovered—the most recent of which was found this past November. While software “fixes” have been released, they tend to reduce the speed and performance of computers—as much as 40 percent, according to some reports. In addition, since the flaw is hardware-based, the “fix” is only good until the next exploit is discovered.

At the time of the discovery of one of the “worst CPU bugs ever found,” there was significant alarm expressed in the news as well as across the cybersecurity community. Since that time, public attention has waned. Unfortunately, the problem has only grown worse. And while there has been considerable discussion of the impact these flaws have on businesses, the impact on consumers has been somewhat overlooked.

That’s why NCL’s #DataInsecurity Project recently released a paper detailing the threat that these bugs—with scary names like Meltdown, Spectre, and Zombieload—pose to consumers, their data, and the performance of their computers.

Every organization or individual running a server or computer with affected hardware should take action to protect themselves. Unfortunately, consumers are less likely to know what to do or have the resources to do it, leaving them more exposed.

For example, consumers are more likely to be running older or outdated software. Consumers are also likely to keep their computers much longer than a business, making their hardware older as well. The way these flaws work, older hardware generally sees a greater slowdown when the security patches are applied.

Additionally, the small businesses that consumers interact with may also be running “legacy” hardware or software. These businesses may not be able to afford the high cost of additional servers to offset the speed loss from the patches or of entirely replacing old systems. This difficult choice for small businesses could mean that some decide against applying patches – with potentially severe consequences for consumers’ data security.

Google has taken preemptive steps to protect consumers, but it also warned that as a result of these security measures, “some users may notice slower performance with some apps and games.” Apple, conversely, has offered software patches but left other security measures as an “opt-in” for consumers.

So, while consumers may not face the same type of risk as businesses, they do face a lot of challenges when it comes to addressing these exploits. Consumers already live in a heightened threat environment, filled with phishing emails and computer viruses. They shouldn’t have to choose between the security of their data or the performance of their computers.

To learn more about these issues and the best way to protect yourself, you can find NCL’s white paper here.

Sign up for the #DataInsecurity Digest

/in , , , , , , , , , /by
Read more

Will Obama’s cybersecurity plan help consumers? – National Consumers League

/in , , /by

It seems appropriate that the Obama Administration chose Safer Internet Day to announce its new Cybersecurity National Action Plan (CNAP). At a time when massive data breaches continue to be the norm, rather than the exception, it is heartening to see the President take comprehensive action to address ongoing threats to consumers’ data. So, what are some of the highlights of the CNAP? Will it help consumers getting pummeled by data breaches? 

Let’s take a look… 

Establishing a “Commission on Enhancing National Cybersecurity”

Bringing together cybersecurity experts to talk shop and recommend solutions is rarely a bad idea. Importantly, the CNAP is charged with delivering a report of its findings and recommendations to the President on December 1, 2016, which should make for interesting reading by data security geeks like yours truly. The CNAP calls for the Commission to be made up of “top strategic, business, and technical thinkers from outside of Government.” Within the Executive Order itself, the Commission membership qualifications are spelled out in greater detail as “those with knowledge about or experience in cybersecurity, the digital economy, national security and law enforcement, corporate governance, risk management, information technology (IT), privacy, identity management, Internet governance and standards, government administration, digital and social media, communications, or any other area determined by the President to be of value to the Commission.”

Notice something missing there? If you said “consumers,” give yourself a gold star. All too often, the job of protecting consumers’ data is punted on to the backs of consumers themselves. While doing things like enabling two-factor authentication, using good digital hygiene, and paying attention to credit reports is never a bad idea, it can’t be the only solution. The companies and agencies that collect and use consumers’ data must have real skin in the game when it comes to protecting that information. We hope that the new Commission will take a look at the role that data security standards, strong data breach notification requirements, and cyber insurance can play in strengthening data protections.

Empowering Americans to secure their online accounts

At NCL, we’re big fans of the great work the National Cyber Security Alliance is doing to arm consumers and businesses with the tools to enhance their own data security. By embracing two-factor authentication, the Administration is putting its imprimatur on a common-sense data security tool that all consumers should be using whenever possible. Kudos, too, for looking at ways for federal agencies to practice what they preach by looking for ways to implement stronger authentication methods and reduce the use of Social Security Numbers as an identifier for citizens. (P.S. If you use Google services and need some extra incentive to up your security game, our colleagues at Google are offering two free gigabytes of Google Drive storage to anyone who completes their Security Checkup).

Investing $19 billion+ for cybersecurity as part of the President’s Fiscal Year (FY) 2017 Budget

This is the part of the CNAP that’s getting the most press and, frankly, will probably be the toughest part of the plan to get over the finish line, given election year politics in Washington. However, given the cybersecurity skills gap, it’s heartening to see the President’s budget proposing a package of student loan forgiveness, increased cybersecurity hiring, small business training, and technology modernization initiatives. Last year’s OPM data breach made the consequences of relying on out-of-date technology painfully clear. And for goodness sakes, it’s time for every federal agency to get off Windows XP, already!

There’s lots more to dig into in the CNAP, but overall, it’s got a lot to like from a consumer point of view. As the Plan correctly recognizes, “there is no silver bullet to fully guarantee our data security.” The fight for better data security is going to take lots of hands, and we applaud the President for proposing ways for us all to get in the trenches.

How many straws until the camel’s back is broken on data breaches? – National Consumers League

/in , , , /by

John BreyaultAnother day, another data breach. The data breach roulette wheel this times landed on health insurer CareFirst. Who loses? The 1.1 million consumers whose names, birth dates, email addresses and CareFirst subscriber ID numbers are now in the hands of cyber crooks.

First things, first, what’s the risk to consumers? The mostly likely effect is that consumer affected by the breach may be on the receiving end of convincing-looking phishing emails. These attacks are designed to trick consumers into clicking on links or attachments that install malware or send users to phishing websites. The phishing emails (and possible telephone calls) are likely to reference CareFirst in some way, and may even masquerade as notifications about the breach itself.

Bottom line: If you are a CareFirst customer, the first place you should be going to get reliable information about the breach and what CareFirst is doing about it is www.carefirstanswers.com. The website has been set up by CareFirst to give affected customers up-to-date information about the breach and what steps they can take to mitigate their risk, including taking advantage of free credit monitoring and identity theft protection CareFirst is offering via Experian.

With that out of the way, there are a number of key questions that regulators, legislators and advocates should be asking in the coming days and weeks.

First, why are health insurers being targeted? CareFirst is the third major health insurer to disclose a breach in the past six months. There are troubling signs that the breaches at Anthem in February, Premera in March and now CareFirst are part of a coordinated attack on U.S. health insurers, possibly by state-sponsored hackers. Regardless of the origin of the hack, it’s clear that medical information is especially lucrative for thieves. According to cybersecurity experts, stolen medical info is worth 10-20 times more than stolen credit or debit card data goes on the cyber black market. With 2.3 million Americans falling victim to medical identity theft in 2014, it’s not hard to see why medical information presents such an attractive target to cybercriminals

Second, why did it take 10 months to notify consumers? According to CareFirst, the intrusion into their network was first detected in June 2014 and “immediate action” was taken to contain the threat. However, it was not until April 2015 that the company discovered that the crooks had exfiltrated their systems with stolen data. With nearly 10 months lead time, cybercrooks had ample time to create mischief with the stolen data before CareFirst notified consumers. Why did it take so long to find out that data was actually lost?

Finally, would more stringent data security standards or data breach notification laws have reduced the risk of this breach? There is no way to make a system 100% safe from hacking. However, far too many companies only invest significant resources in protecting their customers’ data after a hack, not before. This leaves millions of consumers at risk of breach-fueled fraud as companies elect to invest elsewhere while they wait for a hack to force them to spend on data security. What kind of incentives and/or penalties should Congress and Executive Branch consider to shift the cost/benefit equation for companies towards spending on data protection before a breach? NCL’s 2015 Data Security Agenda is a good roadmap for policymakers looking for consumer-friendly answers to these important questions.

The CareFirst breach is yet another straw on the pile of reasons why consumers can’t wait on businesses to take care of the data security problem on their own. It’s time for leaders in Washington to step up and pass real data security reform before the next straw breaks the camel’s — and our — backs. In the meantime, here are tips consumers can use to reduce the risk of identity theft.

Bravo! FTC’s “Start With Security” initiative announces seminar on data security – National Consumers League

/in , , , /by

Federal Trade Commission Chairwoman Edith Ramirez this morning announced the next step in the FTC’s efforts to craft data security guidelines for businesses. As part of its “Start with Security” program, originally unveiled in March, the Commission will hold an initiative at the University of California on September 9. This follows on the heels of the February 13 Summit on Cybersecurity and Consumer Protection at Stanford University.NCL has long advocated for the FTC to take a leadership role in the federal government on data security and is very pleased about this announcement. We applaud the FTC for taking this step to improve data security and help businesses protect consumers.

While details of the September meeting aren’t yet fully known, we do know a few things about the Commission’s “Start with Security” program. At the IAPP summit in March, FTC Bureau of Consumer Protection Director said that the program’s goal is to provide businesses with resources, education and guidance on data security. Chairwoman Ramirez (who NCL will be honoring in October, incidentally) elaborated on this theme, stating that the initiative will be aimed at bringing together experts on data security to share best practices, particularly for small and medium-sized businesses.

The focus on data security at small-to-medium sized businesses is a logical choice for the agency. Its ongoing legal tussle with Atlanta-based LabMD illustrates challenges the Commission faces as it seeks to enforce data security obligations on small businesses. Such entities are often ill-equipped to adequately protect the growing amounts of sensitive personal information they are collecting.  This is an incredibly important issue. As NCL’s #DataInsecurity Report found, nearly 6 in 10 data breach victims indicated that their trust in retailers decreased following a breach. For a small business struggling to stay afloat, losing the confidence of customers due to a data breach can mean the difference between keeping the lights on and a “closed” sign on the front door.

So what can the Commission hope to accomplish at its September meeting? In the interests of promoting consumer data security, we propose that the meeting agenda cover some basic data security policy topics, such as:

  • Is there a sufficient flow of information and best practices on breach trends, emerging threats from hackers, etc. being shared by the FTC with business that are entrusted to store consumer data? If not, how can this improve?
  • The Online Trust Alliance estimated that 90% of data breaches in 2014 could have been prevented if basic security measures had been taken. With this in mind, how can businesses be incentivized to make sure they are taking the basic steps to protect their data?
  • Small and medium-sized businesses often lack the budget and/or expertise to craft robust data security protections, yet they are increasingly collecting large amounts of sensitive data about their customers. What requirements should be placed on a pizza parlor, for example, when it comes to data security?
  • We often hear that it’s not “if,” it’s “when” when it comes to data breaches at businesses. However, it seems that businesses, particularly small-to-medium sized businesses, aren’t prepared to protest against the data breach threat. Is this accurate? If so, what can the FTC do to change that mindset?
  • Government data security mandates can only do so much to create a climate where data security is taken seriously by business. What flexible, market-based incentives exist to promote data security? Is cyber-insurance the answer?
  • There is no shortage of cybersecurity firms offering high-priced solutions to small-to-medium sized businesses. Are there free or low-cost solutions that businesses can take today that will measurably reduce their data security risks (e.g. enable multi-factor authentication, create stronger passwords, encrypt sensitive data)?

The “Start With Security” initiative is a good opportunity for the FTC to promote solutions that businesses can take to reduce their data security risk. However, absent reforms in Congress to tackle tough issues like data breach notification and a comprehensive data security standard, education can only do so much. We hope that the Commission will use the September 9 forum to highlight the impact that breaches continue to have on consumers and businesses and to push Congress to pass real data security reforms.

Don’t let your new computer get filled with scammy software – National Consumers League

/in , , /by

With the holidays upon us, many consumers will soon be unwrapping new laptops, tablets, and desktop computers. Out of the box, these new devices run great, but over time they can become clogged with all manner of scammy software. At best, these programs can degrade performance. At worst, they can lock down your new device and steal personal information.

Web browsers are a popular way that scammers gain entry to consumers’ computers. This is often done via deceptive browser tools and extensions.  These programs are typically legitimate and useful software that add new features to Web browser or otherwise alters the default Web surfing experience.  Popular examples include browser toolbars, language translators, and email notification icons.

Unfortunately, as many victims know too well, scammers also creating browser downloadables that promise one thing, but unleash a parade of horribles on unsuspecting consumers.  For example, these programs can rewire your browser settings and degrade your browser and computer performance.  They may also overlay scammy or inappropriate ads all over the web pages you visit, often covering up content that you want to see.  Even worse, these unwanted programs can introduce malware and other security and privacy threats, including stealing passwords and account login information.  And in many cases, they are impossible to get rid of without expert (read: expensive) help.

 So, what else can consumers do? Here are some tips for spotting and avoiding being a victim:

  • Keep your browser and operating system up to date. Most operating systems and software will notify you when it’s time to upgrade – don’t ignore these messages and update as soon as you can. Old versions of software can sometimes have security problems that criminals can use to more easily get to your data.

  • Know what you are downloading. Software from unfamiliar third parties may contain unwanted add-ons or malware. Be sure to know from where the software originates and only download it from a reputable source or a well-known app store.

  • Review Installation Options. When you download programs and extensions, pay attention to the fine print details and any auto-checked checkboxes. Make sure that you understand what programs are being installed.

  • Read the User Agreement. In addition to only downloading software from a reputable source, also be sure to read disclosures on the download site to understand exactly what you’re installing. Don’t install software from sites your browser tells you may contain malware or software bundled with “additional offers” unless you fully understand what is in them.

  • Recognize the signs of infection. Here are some clues that a suspicious program is affecting your browser:
    • Your browser doesn’t block pop-up ads from showing
    • Your homepage, startup page, or default search engine has changed to a site you don’t recognize
    • Unfamiliar extensions or toolbars are added to your browser
    • The browser’s desktop shortcut opens an unfamiliar website

  • Remove scammy software. Routinely scan your computer for malware with antivirus software you trust.

  • If you get hit with a scammy download report it Fraud.org or the FTC.

These tips are part of the National Consumers League’s continued commitment to helping consumers keep themselves safe online. In particular, NCL’s #DataInsecurity Project raises awareness about the need for reforms aimed at better protecting consumer data and calls on our policymakers to act now to strengthen cybersecurity standards.

Announcing the #DataInsecurity Project – National Consumers League

/in , , /by

Last December, millions of consumers busily rang up more than $600 billion in holiday purchases. Unfortunately, hackers were also having a field day — at consumers’ expense. We learned that lax security procedures combined with an insecure payment mechanism resulted in as many as 110 million shoppers at retail giant Target having their personal information compromised.

Security researcher Brian Krebs, who first broke the story of the Target breach, recently published a startling set of numbers that demonstrates the impact of this one incident. They include:

  • $200 million – The cost to credit unions and community banks for reissuing 21.8 million credit and debit cards;
  • $18-35.70 – The media price range per card stolen from Target and resold on the black market in the months after the breach;
  • 1-3 million – The estimated number of cards stolen in the Target breach that were sold on the black market and successfully used to commit fraud;
  • $53.7 million – The estimated income that hackers generated from the sale of 2 million cards stolen from Target (at a median price of $18-35.70); and
  • $55 million – The size of outgoing Target CEO Gregg Steinhafel’s golden parachute.

Sobering as these numbers are, they represent the fallout from a single data breach, albeit a massive one. In 2013, the Verizon RISK team reported more than 1,300 data breaches. The non-profit Privacy Rights Clearinghouse, which tracks data breaches, reported that more than 257 million records were compromised last year as well. A recent study by the Ponemon Institute found that the average total cost of a data breach in the U.S. is $5.85 million per incident. The probability that a U.S.-based organization will experience a breach of at least 10,000 records in the next 2 years is 18.7 percent, according to the Ponemon study.

By 2020, annual global data production is expected to hit 35 zettabytes, (or 35 trillion gigabytes). This data explosion will power unfathomable changes to consumers’ daily lives. However, the existence of that much data – much of it personal and very valuable to malicious actors – demands stronger security practices. Federal agencies like the FTC are doing yeoman’s work to hold companies to account for lax data security. But the FTC’s authority in this area is in question in the courts, and case-by-case adjudication is unlikely to sufficiently address the larger problem. Organizations like the National Institutes of Standards and Technology have developed voluntary frameworks for cybersecurity, but companies and other entities are not compelled by law to adopt it. Standards bodies like the PCI Security Standards Council have industry backing, but they are sector-specific.

While no one can wave a magic wand and solve the problem of data security, more can and should be done in Congress to give enforcement agencies the tools they need to protect consumer data and prod industry to make data security a top priority.

That is why we are announcing today the launch of the NCL #DataInsecurity Project. We are calling on policymakers in Congress, federal agencies and the states to be champions for data security. For too long, policy inertia has prevented meaningful reform on Capitol Hill and elsewhere that would better protect consumers’ data. There are a number of promising bills currently pending in Congress, but more can and must be done. Pro-consumer steps to enhance data security include:

  • Creating a national data breach notification standard, modeled on strong state protections such as California’s;
  • Requiring businesses that maintain consumers’ personal data to protect that information via specific data security requirements;
  • Giving the Federal Trade Commission and state Attorneys General civil penalty authority to enforce violations of data security requirements;
  • Increasing civil and criminal penalties for malicious hacking;
  • Increasing efforts to enhance cooperation with international partners to bring overseas hackers to justice;
  • Requiring retailers and banks to implement the highest level of security available to protect consumers’ payment data

In an era when vast amounts of data are being collected about them, consumers must have confidence that their information is safe. The Target breach was a wake-up call. We can no longer sit idly by while sophisticated hackers steal with impunity and businesses accept the status quo as just another cost of doing business. The time for reform is now.