Equalize standards for protecting customer data

The security of our personal data stored in cyberspace — as well as the dependability of key systems that utilize the Internet — is now regularly under attack.

Just last week, the U.S. government warned that malware sponsored by the Russian government has been installed in the U.S. electrical grid and the delivery of our electricity could be at risk.  Such a scenario could wreak havoc in hospitals, grocery stores, gas stations, department stores, banks, homes and countless other places.  Other key systems face similar threats.

Predictably, the next large customer data breach will happen any day.  It’s not a matter of if, but when.

You’d think such dire warnings would cause businesses and policymakers to be rapidly scrambling to do everything humanly possible to improve our cyber security defenses.

Unfortunately, that is not always the case.  

In a recent letter to Congress, groups representing some retail merchants called for a national data breach notification law.  Such legislation is certainly needed and could provide better notice to customers if a data breach occurs. The legislation could also streamline a patchwork of similar state data breach notification laws.  

However, notifying customers of a problem after it occurs does not prevent the problem.  More than just passing data breach notification legislation is urgently needed.

Legislation is also necessary to ensure businesses are held to a higher standard when it comes to protecting customer information.   

Much of the financial services industry is already required to meet specific legal standards as it protects customer data.  Surprisingly, businesses such as retail merchants are not required to abide by similar standards, yet their letter to Congress does not mention this issue.  

In addition, Congress should urgently pass “information sharing legislation” which will allow businesses and government to better coordinate their cyber defense efforts by sharing cyber threat information.  The U.S. House of Representatives has passed such legislation but the Senate has been unwilling to act. 

Supporting a new data breach notification law is the easy part.   However, Congress should not be satisfied with that.  Any new data breach notification law must include equalizing data security standards that would require all businesses handling consumer payment information to meet the type of customer data protection standards the financial services sector must already meet.  

The Internet connects nearly everyone and everything, yet our collective cyber defenses are only as strong as their weakest link.  Fostering collaboration isn’t always easy but it is essential.  This year both the financial and merchant industries have invested considerable resources in many areas of collaboration like enhancing information sharing and rolling out more secure chip-based payment cards.  But there’s always room for growth. Rapidly improving our nation’s laws to require the highest safeguards possible for our cyber security is an important and obvious step for Congress to take.

Pawlenty is the president & CEO of the Financial Services Roundtable. He served as Minnesota’s governor from 2003 to 2011.


