In the wake of massive security breaches
that reportedly took place before and during the height of the holiday shopping
season at Target, Nieman Marcus and, security experts say, probably other
retailers as well, federal lawmakers have introduced a bipartisan bill that
would impose new requirements on companies concerning the protection of
confidential information related to credit and debit cards.
In actuality, what the proposed
legislation, named the Data Security Act of 2014, would do is to greatly reduce
consumer rights to seek redress for their damages through the courts. The
legislation would ultimately ban private causes of actions, prohibit class
actions, and prevent the consumer to sue under state law causes of action.
Introduced last week by Sens. Tom Carper
(D.-Del.) and Roy Blount (R-Mo.), the Data Security Act would provide enhanced
consumer security by providing uniform national standards in place of a
patchwork of state laws that now exist, according to a press release. It would
also require not only retailers but financial institutions and federal agencies
to investigate security breaches and inform consumers. While this all sounds
great, it leaves the individual who was actually harmed with little or no
remedies through the courts at all.
There are several competing bills which
have also been proposed. Those bills seek more severe criminal penalties
against the computer hackers and those who conceal security breaches. Unfortunately,
the hackers who cause the mayhem are seldom caught and prosecuted, hiding behind
the anonymity of the internet and remote areas where U.S. law enforcement has
little or no reach.
Some States have no statutes that protect
the individual consumer, letting claimants rely on common law causes of action.
This bill would potentially strip consumers from even those tools to recover
against a company like Target.
