By Reps. Marsha Blackburn (R-TN) and Peter Welch (D-VT)
Hackers are stealing key personal data and cashing in on it at a staggering rate -- tens of billions of dollars each year. It's a modern day Wild West, and the descendants of Jesse James and the safe robbers of years past never had it so good. Too often, today's criminals don't even have a tough "safe" to crack. It's time Congress changed that by passing a national data security standard to help protect Americans against breaches. We have joined in drafting bipartisan legislation to do just that.
It's not an easy course. Since Choicepoint, the first big data breach in 2005, there have been more than 4,000 additional breaches. Over the past decade, Congress has introduced more than 40 bills to address the problem of data breach, but not a single one is law because none struck the right balance.
In the meantime, the financial harm to our nation has grown by the day. Cyber crimes are now estimated to cost consumers $100 billion annually and cost the U.S. economy 508,000 jobs each year. On average, one-third of data breach notification recipients became victims of identity fraud in 2013; a stark increase over one-fourth in 2012.
Not only is it too easy for the criminals, it's very hard to find them as they hide online, often overseas. What Congress can do is make it harder to steal the key personal data that is valuable -- the cyber gold. The Secret Service has told us that data breaches are primarily monetized through financial fraud. Based on information from enforcement agencies and security companies, we have tried to identify the key personal data that pay the criminals.
Our country cannot spare the trillion dollars in costs and 5 million jobs that another 10 years (at the current rate) could cost us without legislation. Consumers not only have to worry about their credit in a very tight economy, but they suffer the burden of the costs of breaches in higher fees and prices.
Our bill is narrowly focused on cutting off the path of criminals to personal data because we have been able to reach consensus on the best way to protect it. Understandably, some folks want to protect more data, even all data. There are very real and very important privacy concerns that should be addressed. But consensus on privacy legislation has been elusive at best. This bill takes an important first step forward in protecting American consumers and businesses from cyber criminals. Making progress on this front, we hope, can lead to consensus on protecting data in all its forms.
Our bipartisan draft establishes a single national standard based on the existing state laws. It combines the security requirement with robust enforcement at the federal and state level to maximize enforcement and consumer access. This would send a clear message to companies to improve security for all consumers rather than playing games state by state. And, of course, consumers must be notified if they fall victim to identity theft or payment fraud because of a breach.
While we cannot address all the privacy concerns in this bill, we must not prejudge them. The bill carefully limits itself to securing personal data against unauthorized access and consumer notification when a harmful breach occurs. What data can be collected, how it is used, and what sharing is permissible -- these hallmarks of privacy are not disturbed. States, federal agencies and Congress would be as free to address these issues after passing our data breach bill as they are today.
Through 10 years of mass data breaches, Congress has fiddled while Rome burns. The pattern of costly data breaches speaks for itself. Congress must do what it can now to help consumers, help the economy, and stop funding these cybercriminals who use the money they make to perpetrate even worse crimes. Nothing frustrates our constituents more than when Congress is presented with a very real problem, and very plausible solutions, but does nothing due to partisan dysfunction.
Last year was dubbed the year of the breach. We are committed to making 2015 the year of bipartisan breach legislation. Please join us in saying enough is enough, and restoring some order to the Wild West of the 21st century.