Over the past week, six separate companies have announced large scale data breaches. Hudson’s Bay, the parent company of Saks Fifth Avenue and Lord & Taylor department stores, announced that 5 million payment cards may have been compromised. Panera Bread recently announced that they may have had data vulnerabilities for more than 8 months, with estimates ranging from tens of thousands to millions of consumers affected. Under Armour announced that 150 million MyFitnessPal accounts were breached. Sears and Delta Airlines announced that customer payment information was compromised on their online chat support, provided by an outside company. Nearly two weeks ago, Orbitz announced a possible data breach that may have exposed the credit card data of more than 800,000 consumers.

As we increasingly rely on online payments and other technology to make our lives easier, we should be able to trust that these companies are keeping our sensitive information safe. Unfortunately, for each state with robust safeguards and requirements in place, there is another with data protections that are simply insufficient. And the patchwork approach to regulation is unworkable for companies that do business in multiple states.

That is the reason I have joined my colleague on the House Financial Services Committee, Congresswoman Carolyn Maloney (D-NY), to write legislation that creates a national security standard for data protection and mandatory immediate consumer notification. The national standard will apply to businesses that access, maintain, store or handle personal information while providing flexibility based on an individual company’s size, complexity, and sensitivity of the information it maintains.

Once we have a responsible federal standard in place, companies will no longer have to navigate the maze of state regulations allowing them to better focus their time and resources on securing the personal information they hold and protecting their consumers.

Not only does our bill protect consumer data, but it also puts the consumer first by requiring immediate notification of a data breach. The requirement for immediate notification rivals even the most aggressive state laws, and is one of the most important aspects of this legislation. People must be able to protect themselves when their information is compromised.  Forcing them to wait weeks or months to do so is unacceptable.

As we continue to hear reports of large-scale data breaches like those at Hudson’s Bay, Panera Bread, Under Armour, Sears, Orbitz and Delta Airlines, I am working hard to make sure our laws put consumers first. No matter which state a consumer lives in, their data should be equally and forcefully protected. After all, no individual’s personal information is more or less valuable than another’s. My colleagues on the Financial Services Committee and I will be working tirelessly to make sure all American consumers are protected by a strong national data security standard.

###