Attorney General Eric Holder Wants Companies to Disclose Cybercrime Activity to Customers Faster

April 9, 2014 by David S. Seltzer

United States Attorney General, Eric Holder, has asked Congress to create a national standard to compel businesses to tell customers and law enforcement about cybercrime data breaches.

In a recent video address, Holder invoked data breaches at stores like Target, Neiman Marcus, and Michaels; these breaches compromised the personal data of tens of millions of Americans.

Holder wrote: “these crimes are becoming all too common… although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cyber criminals to justice, it’s time for leaders in Washington to provide the tools that we need to do even more by requiring businesses to notify consumers and law enforcement in the wake of significant data breaches.”

Current federal laws do require hospitals and banks to tell patients and consumers about cybercrime-related data beaches; however, retailers do NOT have to comply with a federal standard.

The National Retail Federation, unsurprisingly, likes Holder's idea. The association wrote to Congress back in January that “a Preemptive Federal Breach Notification Law would allow retailers to focus their resources on complying with one single law and enable consumers to know their rights regardless of where they live.”

The Attorney General and the National Retail Federation aren’t the only ones concerned about the threat of cybercrime. President Obama recently remarked that cybercrime constitutes “one of the gravest national security dangers the United States faces.” The Department of Homeland Security recently created a program designed to help companies determine their vulnerability and protect themselves against computer crimes. Department of Homeland Security Secretary, Jeh Johnson, said "it boils down to this… in cyber security, the more systems we secure, the more secure we all are… a vulnerability in one place can cause a problem in many other places.”

On the one hand, these cries of alarm come from a place of good intentions. No one wants to have his or her data pilfered and exposed. No one wants to go through the awful rigmarole of recovering from identify theft. No company wants to deal with recovering from a cyberattack.

That being said, we have concerns about the specifics. If authorities expand prosecutorial powers, intensify punishments and expand the scope of anti-cybercrime laws, who or what will correct against overreach?

Also, while it’s important to be mindful of threats, we need to ground our thinking and actions in reality. The National Cyber Investigative Join Task Force reports that cyberattacks have only been “isolated schemes” thus far. FBI attorney Steve Chabinsky admitted that “all the government's knowledge [taken] together… demonstrates there is no evidence of coordinated effort – whether by criminal groups or nation states – to harm the U.S. economy [via cyberattack].”

This doesn’t mean that there might not be – or that authorities might be overlooking something.

However, it raises a big question: are we reacting to an actual threat or just a fear of a threat?

The point is this: authorities everywhere are in a state of extreme hypervigilance against cybercrime. So if you or someone you love stands accused of Florida computer crime charges, you may need to create a strategic, thorough defense strategy. Call the team here at Seltzer Law, PA, at 1-888-THE-DEFENSE (888-843-3333) for a free consultation about your defense.