WASHINGTON (AP) — Attorney General Eric Holder is urging Congress to require businesses to quickly alert consumers and law enforcement agencies in the wake of significant data breaches like the ones at discount retailer Target and at Neiman Marcus.
In a video posted Monday on the Justice Department's website, Holder called on Congress to create a national standard for notifying consumers whose information may have been compromised, so people can protect themselves from identity theft.
Holder said congressional action would let law enforcement agencies investigate such crimes thoroughly and would hold companies accountable when they fail to safeguard sensitive information. Holder said there should be exemptions for harmless breaches to avoid placing unnecessary burdens on businesses that act responsibly.
The comments followed a Feb. 4 Senate Judiciary Committee hearing at which executives from Target and Neiman Marcus were pressed about how quickly they notified customers of breaches.
The Justice Department told Target executives on Dec. 12 of suspicious activity involving payment cards and the company started an investigation, removed malware and publicly announced the data theft on Dec. 19, said John Mulligan, executive vice president and chief financial officer at the No. 2 U.S. retailer.
A processing firm told luxury retailer Neiman Marcus of a problem on Dec. 13, the company's investigators made a report on Jan. 2 and customers were notified on Jan. 10, said Michael Kingston, senior vice president and chief information officer at Neiman Marcus Group Inc.