' sedand | MTTLR

Will federal legislation make consumers’ private information safer?

After JP Morgan’s computers were penetrated in the early summer of 2014 by hackers, exposing the personal information of the firm’s customers, the firm did not disclose the breach until late in the summer.[1] Over 76 million customers’ contact information—phone numbers and email addresses—were stolen.[2] The Connecticut and Illinois Attorney Generals started scrutinizing JP Morgan’s delayed notification to their customers that their contact information was obtained by hackers, taking issue with the fact that JP Morgan “only revealed…limited details” about the extent of the breach.[3] Both attorneys general are assessing whether JP Morgan complied with their state privacy laws—mainly their state’s data breach notification laws. With the size of JP Morgan and with 76 million customer information breached, it is safe to assume that residents of Connecticut and Illinois were not the only ones whose personal information was compromised. Data breach has become a big issue not only for JP Morgan, but for many other companies. The same hackers who breached JP Morgan’s security wall attempted to get customer data from Deutsche Bank, Bank of America, Fidelity and other financial institutions.[4] Hackers breached Target and Home Depot’s customer credit information, taking 40 million of Targets’ customer credit card information and 56 million of Home Depot’s customer credit card information.[5] Data breach and data lost seem to be inevitable, whether it is through someone working internally for an organization—à la Edward Snowden—or through hackers— like in the case of JP Morgan, Home Depot and Target. Regardless of how data is lost, there is a need to evaluate the best approach in notify a consumer when someone else obtain a consumer’s...