Holder calls for federal law on data breaches

Attorney General Eric HolderEric Himpton HolderMichigan Republicans sue over US House district lines State courts become battlegrounds in redistricting fights New Hampshire Republicans advance map with substantially redrawn districts MORE on Monday urged Congress to pass a law that would require companies to notify the public about data breaches.

"This would empower the American people to protect themselves if they are at risk of identity theft," Holder said in a statement. "It would enable law enforcement to better investigate these crimes — and hold compromised entities accountable when they fail to keep sensitive information safe."

The Justice Department’s push comes about two months after Target suffered a massive data breach in which up to 70 million customers’ personal information was put at risk, including email addresses and phone numbers.


Nieman Marcus suffered a similar breach last month and said 1.1 million credit and debit cards were compromised, when hackers entered the department store’s system.

Such data breaches, Holder said, “are becoming all too common.”

“It's time for leaders in Washington to provide the tools we need to do even more," Holder added, urging Congress "to create a strong, national standard for quickly alerting consumers whose information may be compromised."

Federal law currently requires banks and hospitals to notify people if their personal information is taken by outsiders but doesn’t impose the same guidelines on companies, such as retailers.

Most states and Washington, D.C., have passed laws that direct companies to inform customers about data breaches, but there’s a debate about how to implement a federal law.

In a letter to Congress last month, the National Retail Federation urged lawmakers to pursue a federal standard that would pre-empt state laws.

— This story was updated at 12:23 p.m.