An increasing number of consumer data breaches are resulting in identity fraud. And federal privacy advocates are looking to California policies for guidance.
The headlines before Christmas last year were hard to miss, retailer Target announced debit and credit card information of about 40 million of its customers had been compromised. A new report from the National Consumers League may give those customers more cause to worry. The report finds in 2013 nearly one in three data breaches resulted in fraud, that’s up from one in nine in 2010.
The League’s John Breyault says federal breach notification legislation is needed so all consumers can protect themselves. And he says California’s law should serve as a model.
“Among other things, it requires prompt notification, there’s no cause of harm analysis before notification happens," he says. "There’s a private right and the types of information that would trigger a notification is very broad.”
Joanne McNabb with the California Attorney General’s Office says the state was the first to create a data breach notification law in 2003. She says it’s been strengthened several times since then. It now requires people be notified if their email or Internet passwords have been breached.
“Both because that can put the information in people’s accounts at risk, but also because it’s unfortunately common that we use the same passwords over and over again," she says. "So if one password is breached that can put all accounts at risk.”
McNabb says, in California, any data breach that affects more than 500 people must be reported to the state. She says 167 such breaches occurred in 2013, up 20 percent from the year before.