T-Mobile and Experian announced that an unauthorized attacker accessed servers from September 1 until September 16 and stole information including customers names, dates of birth, addresses, and social security numbers. Unfortunately, it seems as though data breaches are occurring regularly these days and causing problems for both consumers and companies. In fact, according to Hewlett-Packard’s HP Enterprise Security, cyberattacks have cost $1.9 million in the last year for U.S. companies. Within that figure, preventative measures and reaction measures are included. Many companies are pushing to help prevent data breaches. In fact, since October 1, 2015, businesses that process transactions using credit cards have been forced to switch from credit card readers to a chip, pin, or signature readers to ensure greater protection. This shift, however, leaves any customer with the least amount of protection highly susceptible to theft. Of course, this method is only useful in stores where a customer uses a credit card, but customers give their information in many different ways including through credit card applications, loan applications, and even for employment applications and would therefore still be unprotected. What exactly is going to prevent these data breaches from occurring?
Under 18 U.S.C. section 1028, the taking, possessing, and transferring of identifying documents via fraud is a crime. This section was recently approved on September 24, 2015. The law was introduced in the House of Representative in February of 2015 and in the Senate in April of 2015. The passing of 18 U.S.C. section 1028 was no doubt in response to the many data breaches over the last several years. Just in the last year, big retail chains like Home Depot and Target were victim to data breaches causing many of their customers to wonder if their information had been stolen. The Target breach occurred at the worse time of the year, during the holiday season. Subsequently, after Congress returned from break, the House introduced what is now 18 U.S.C. section 1028. Similarly, the Home Depot’s data breach was followed by the Senate’s introduction of 18 U.S.C. section 1028. Congress seemed to react to the need for governing federal law to help protect against the data breaches. However, without enforcement, companies are likely to keep experiencing data breaches.
So what is next for companies who seek to prevent data breaches? The new law suggests that companies will be getting help from the federal government to at least find who is completing the data breaches and prosecute them. The help could permit the companies to reduce their ever-growing cost of data breaches. That is not to say that companies will be able to abandon all their safeguards or preventative measures, they will still need to invest in such protections, but at least with the enforcement of 18 U.S.C. section 1028, cyber criminals might be deterred from future data attacks. Only time will tell if the law will help prevent future data breaches.
Bio: Jessica is a Staff Member of the Journal of High Technology Law. She is currently a 2L at Suffolk Law. She possesses a B.S. in Legal Studies and Foreign Language from Roger Williams University.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.