The latest data breach was a big one. Hackers got into JPMorgan’s computer network, and the bank says that has put 76 million households and 7 million small businesses at risk.
Because it is a public company, JPMorgan is required by law to tell federal regulators about anything that could affect its share price, and that is what it did. JPMorgan notified the Securities and Exchange Commission last Thursday. But other companies don’t have to notify the government when their servers get hit.
When it comes to data breaches, the U.S. has a confusing patchwork of laws. It may surprise you there is no overarching federal law.
“From the very beginning of digital technologies and the Internet, the federal government took the view of ‘keep its hands off,’” says Fred H. Cate, who heads the Center for Applied Cybersecurity Research at Indiana University.
So, the states stepped in. California was the first to pass a data breach notification law. It has been on the books there since 2003. Forty-six states followed, along with Puerto Rico and the District of Columbia, and each one has a different law with different requirements.
“I think that everyone assumed that once you got a bunch of conflicting state laws, congress would step in and provide some clarity by providing a single federal law,” says Cate.
That hasn’t happened. Proposals have been held up in Congress, and an executive order President Barack Obama signed last year is voluntary.
Tina Ayiotis, who teaches law at The George Washington University, says after a string of high-profile attacks at Home Depot, Target and JPMorgan, we are starting to suffer from “breach fatigue.”
“At this point, the pain is not enough to really make it so that it becomes a priority,” she says.
What could change that, says David W. Opderbeck, a professor at Seton Hall University School of Law, is a cyber-attack on infrastructure, “like a power grid or a water supply, or the markets shut down for a few days.”
“When that kind of thing happens, then maybe we’ll see some action,” he says.
Until then, the action continues to be at the state level, keeping lawyers, consultants and compliance officers busy, and consumers confused.
We’re here to help you navigate this changed world and economy.
Our mission at Marketplace is to raise the economic intelligence of the country. It’s a tough task, but it’s never been more important.
In the past year, we’ve seen record unemployment, stimulus bills, and reddit users influencing the stock market. Marketplace helps you understand it all, will fact-based, approachable, and unbiased reporting.
Generous support from listeners and readers is what powers our nonprofit news—and your donation today will help provide this essential service. For just $5/month, you can sustain independent journalism that keeps you and thousands of others informed.