A consumer group is pushing business and government to adopt comprehensive reforms to better protect consumer data by among other things, urging lawmakers to pass a stringent national data breach notification bill and software vendors to not rely on patches to secure their products.
Noting that consumers are being asked to fork over more information, and that data breaches put that information at great risk, The National Consumers League (NCL), a 115-year-old consumer advocacy, has developed an awareness campaign and a list of reforms as part of a #DataInsecurity Project because “the landscape of protection for consumers is woefully inadequate,” concerns borne out by NCL's "The Consumer Data Insecurity Report: Examining the Data Breach—Identity Fraud Paradigm in Four Major Metropolitan Markets," based on recent research from Javelin Strategy & Research.
“Consumers are being asked to share more information with business, government and not-profits,” John Breyault, NCL's vice president, public policy, telecommunications and fraud, told SCMagazine.com Monday. “And the information is not always as protected as we think it should be.”
Initially convening late last fall at a conference to discuss identity theft, the group, which has been trying to hammer home the importance of online security for 20 years, changed its tactics in the wake of the Target breach.
“We realized we needed to rethink our approach and not just focus on the symptoms and ignore the larger issues,” Breyault said.
The NCL aimed its efforts at “what can be done by government and what incentives business needs” to bolster the security.
The Javelin research, which Breyault co-authored and which surveyed fraud victims in four major metropolitan areas — Washington, D.C., Minneapolis, Miami and Los Angeles — found that victims, nearly a third of whom take no action in the aftermath of fraud, blame businesses and banks for breaches. And, the bulk, 70 percent, “expect the federal government to ensure that businesses adhere to data security standards” though they also see existing regulations as “generally insufficient.”
The NCL intends to put pressure on lawmakers to come up with a national data breach bill, modeled after the tough, no-nonsense California legislation.
Noting that there is broad agreement that data is at risk and therefore should be a bipartisan effort, Breyault noted that data security legislation has been “held up for years in Congress,” with the exception of the recent progress made regarding information-sharing. And with only about “four weeks left until Congress recesses,” he doesn't expect legislative action any time soon.