Following massive consumer data breaches in 2017, such as the November Equifax [EFX] hack, banking and retail associations are urging Congress to pursue legislation to standardize cyber attack response protocols.

In a Thursday letter to House Energy & Commerce Committee Rep. Greg Walden (R-Ore.) and Subcommittee on Digital Commerce and Consumer Protection Chairman Bob Latta (R-Ohio), 22 trade groups called for clarification on how banks and companies holding mass quantities of personal customer data must improve disclosure of data breaches.iStock Cyber Lock

“We support federal legislation to protect personal information and, in the event of a data breach that could result in identity theft or other financial harm, ensure consumers are notified in a timely manner,” the groups wrote in their letter. Signatories include the American Bankers Association, Internet Commerce Coalition, and USTelecom.

Security officials have previously voiced concern that a lack of governmental pressure and inconsistent penalties improperly disclosing or mitigating cyber attacks is allowing companies like Equifax to continue the same inadequate cyber protection protocols (Defense Daily, Oct. 6).

The Equifax breach resulted in the potential compromise of about 145 million Americans’ personal data.

In the letter to the House leadership, the groups offer support for legislation that ensure customers are made aware of data breaches involving their information in a more immediate manner.

New legislation should include a flexible standard for data protection that factors in an organization’s size, available security tools and the sensitivity of the personal or company information at stake, the group wrote in its letter..

Breach reporting should also require timely notices to impact customers, law enforcement and federal regulators in situations when un-encrypted personal information is potentially available for identity theft.

A new breach standard should be enforced by the Federal Trade Commission, according to the groups, and the agency would assume responsibility for imposing penalties.

“Data security impacts every sector of the economy. We therefore look forward to working with you and your colleagues to ensure that all sectors employ sound data security and alert consumers when a breach may result in identity theft or other financial harm,” the letter said.