- George Colli Washington News Bureau
Lawmakers are considering several pieces of legislation that would require notifying customers when their personal information is compromised in a data breach.
The push for setting a national standard for notification comes weeks after Yahoo announced more than 500 million accounts were hacked in 2014. The company did not notify customers for two years.
Some privacy and consumer advocates argue legislation isn't the answer.
Jim Harper, senior fellow at the Cato Institute, says there are cases when it may not be best for companies to notify people about each and every time they are hacked.
"You want to notify people when they can do something to protect themselves," Harper said. "When data is breached, notifying may just concern (consumers) because they can't do anything about it."
Harper says the focus should be on holding companies accountable to keep their users' information secure.
"It's not a matter of federal regulation but common law litigation," he said. "Nothing the government can do now can fix this these problems. They're too complex for a single standard especially from the federal government."
Ed Mierzwinski, of the consumer advocacy group tje U.S. Public Interest Research Group, says consumers need to take their digital security into their own hands. He says that includes using passwords which include letters, numbers and symbols.
"Consumer groups recommend a security freeze, which is sometimes called a credit freeze, that locks the door on your credit report so no one can get in," Mierzwinski said.
He said the legislation could end up doing more to protect the companies that allowed the information to be stolen instead of the people that are victimized. He thinks state laws already protect the consumer and any federal action by Congress would weaken those protections.
"The strongest state laws say if 'you lose your information, tell your customers,'" Mierzwinski said. "The company that lost your info wants the right to decide when it's been lost and we disagree with that."
Congress could take up notification legislation during the lame duck session after the election.