Can existing laws protect consumers after Target breach? - WTVM.com-Columbus, GA News Weather & Sports

Can existing laws protect consumers after Target breach?

PHOENIX (CBS5) -

At least 70 million people are now in the crosshairs of the Target breach. And alarmingly, that number could soar past 100 million.

"It's a game changer," said Mark Pribish, an identity theft expert and vice-president with Merchants Information Solutions, Inc. in Phoenix. "They still don't have a handle on it," he said about the big box retailer's security breach of customers' personal information.

CBS 5 News is asking if there are any protections for consumers, considering potentially a third of American's have now been affected by the hack.

We found laws on the books here in Arizona may not go far enough to protect you. It's not clear yet how many Arizonans have been affected by this breach, but the number could be huge. Arizona Federal Credit Union reports 20 percent, or 20,000 of its 100,000 total card holders had their personal information stolen due to the Target breach.

"The "Arizona" law is one of 46 state breach-notification laws in the U.S.," Pribish said in referring to Arizona civil statute 44-7501. But as we discovered, that statute only requires that a business notify people affected by a breach. "The requirements are minimal," Pribish added.

He says times have changed, and so have data breaches. Arizona's law needs an update, he says.

Pribish, and some politicians alike, suggest there be "...some information security and governance requirements standards for all business regardless of the size of the business," Pribish said.

That's actually the aim of legislation re-introduced in the U.S. Senate just this past Wednesday.
The Personal Data Privacy and Security Act was first proposed in 2005.

"Since that time, it's been proposed virtually every year, and each year, to be polite, there's a watered down version," Pribish said.

It calls for businesses to have a detailed security program. But it also allows for states and the Federal Trade Commission to levy legal action, including fines, against companies liable for data breaches.

"You could be fined up to $500,000 per incident for each data breach event," Pribish explained.

But Ken Colburn with Data Doctors says those "standards" may be a bit futile.

"There's already requirements as a retailer for anybody that's taking credit cards, to comply with the processing card industry requirements," Colburn said.

He points to a more frightening risk not addressed in either PDPSA bill or Arizona's current legislation.

As Colburn put it, "The human on the inside of a system has always been the number one security risk."

The cost of a breach to you, the consumer, could be high. And to companies too. A computer software security company called Symantec found the cost of detection and notification of a breach could cost $188 per customer. If 70 million Target customers are at risk, the breach could cost Target $1.3 billion.

Copyright 2014 CBS 5 (KPHO Broadcasting Corporation). All rights reserved.

  • Trending StoriesTrending StoriesMore>>

  • McDonald's customers sue over paying for cheese on burgers

    McDonald's customers sue over paying for cheese on burgers

    Sunday, May 27 2018 6:35 AM EDT2018-05-27 10:35:01 GMT
    Sunday, May 27 2018 6:35 AM EDT2018-05-27 10:35:01 GMT
    The plantiffs claim McDonald's has been overcharging them because they have been paying for cheese they didn't want nor receive. (Source: Flickr)The plantiffs claim McDonald's has been overcharging them because they have been paying for cheese they didn't want nor receive. (Source: Flickr)

    The plaintiffs claim McDonald's has been "unjustly enriched" because customers have been paying for cheese they don't want.

    More >>

    The plaintiffs claim McDonald's has been "unjustly enriched" because customers have been paying for cheese they don't want.

    More >>
  • Grieving couple unable to cremate stillborn, conjoined infants due to NC law

    Grieving couple unable to cremate stillborn, conjoined infants due to NC law

    Sunday, May 27 2018 2:24 AM EDT2018-05-27 06:24:37 GMT
    Sunday, May 27 2018 2:24 AM EDT2018-05-27 06:24:37 GMT
    A North Carolina law on cremation procedures forbids the cremation of more than one person within the same cremation chamber. (Source: WRAL/CNN)A North Carolina law on cremation procedures forbids the cremation of more than one person within the same cremation chamber. (Source: WRAL/CNN)

    A North Carolina law on cremation procedures forbids the cremation of more than one person within the same cremation chamber.

    More >>

    A North Carolina law on cremation procedures forbids the cremation of more than one person within the same cremation chamber.

    More >>
  • Police release body cam footage of I-95 shooting death

    Police release body cam footage of I-95 shooting death

    Friday, May 25 2018 11:21 PM EDT2018-05-26 03:21:37 GMT
    Marcus-David Peters was shot and killed by a Richmond police officer on Monday, May 14. (Source: Richmond Police Department)Marcus-David Peters was shot and killed by a Richmond police officer on Monday, May 14. (Source: Richmond Police Department)

    The Richmond Police Department released body camera and surveillance camera footage on Friday of the shooting death of Marcus-David Peters.

    More >>

    The Richmond Police Department released body camera and surveillance camera footage on Friday of the shooting death of Marcus-David Peters.

    More >>
Powered by Frankly