Over the past 10 years, more than 5,200 data breaches have exposed almost 800 million records, including people’s names and sensitive information such as Social Security Numbers, driver’s license numbers, and medical or financial records. During the same period, states have enacted a dizzying variety of laws requiring companies to notify consumers in the event of a breach. As a result, we have a national patchwork quilt of differing requirements that together provide decidedly uneven protection. The lack of a uniform federal standard for data breach notification also has created an unnecessarily complex situation for companies, which must now spend more time navigating this murky legal terrain than actually protecting consumer data. Congress should act swiftly to pass a strong federal data breach law that preempts all the conflicting state laws.
