(Saint Paul Pioneer Press (MN) Via Acquire Media NewsEdge) Feb. 02--Congress takes its first look at Target's data breach this week, a moment some analysts think finally will prod lawmakers to pass tougher safeguards for protecting consumer information.
"We will see federal legislation come out of this, and Target is the incident that will drive data security," predicts Jonathan Fairtlough, managing director with the cyber-security firm Kroll.
The theft of personal information from up to 110 million Target shoppers is "something that's gathered people's attention, it is something that's stayed up on the news, it's something that people will want to see a broader response to," Fairtlough said.
On Monday afternoon, the U.S. Secret Service will testify before a Senate Banking subcommittee. The Secret Service is leading the investigation into breaches at Target, Neiman Marcus, Michaels and other retailers.
On Tuesday morning, Target's chief financial officer, John Mulligan, will testify before the Senate Judiciary Committee as it examines "preventing data breaches and combating cybercrime." An executive from Neiman Marcus will also testify.
The hearings follow breach after breach, each adding to concern about the security of online information.
"Back in December, I was asked if we were going to see another breach like Target, and I said 'Of course we are,' " said Julie Conroy, a payment-security expert at Aite Group.
"These breaches are happening all the time," Conroy said last week at a data security forum.
At Kroll, Fairtlough repeatedly has advised panicky corporations once they realize their systems have been infiltrated and their customers are at risk. He hasn't been involved in the Target breach, but he believes its case carries special resonance.
"Target is the sort of brand that everyone shops at, everyone knows, and they're known to do a really good job selling," Fairtlough said in an interview. "If this can happen to Target, just how bad is this data security problem?"
Bad enough that it may be uniting feuding parties -- bankers and retailers, Republicans and Democrats -- to seek ways to find a solution.
For years, tough cyber-security measures have been proposed in Congress but never adopted. For years, retailers and bankers have quarreled over the burdens and benefits of adopting more secure systems. The string of data breaches has changed the conversation.
Charlie Scharf, CEO of Visa, on Thursday warned that everyone "will suffer if we don't work together to get to a better place ... to jointly work together toward better data security standards and better payment security standards."
Target is convinced. CEO Gregg Steinhafel has promised to "accelerate the conversation -- among customers, retailers, the financial community, regulators and others -- on adopting newer, more secure technologies that protect consumers."
Fairtlough expects Congress eventually will adopt a national data-security standard rather than continuing with a patchwork of state standards.
"This is going to be a watershed moment, because one of the things that Target really shows is, we don't have a national standard for data security," he said.
He expects any federal law to include more timely notification to consumers, better information about the scope of the breach, more effective ways that consumers can respond, and some sort of national data-breach registry. He also expects to see limits on access to sensitive consumer data.
"I don't see it coming into being in six months, but I do see it coming into being in two years," Fairtlough said.
Tom Webb can be reached at 651-228-5428. Follow him at twitter.com/TomWebbMN.
(c)2014 the Pioneer Press (St. Paul, Minn.)
Visit the Pioneer Press (St. Paul, Minn.) at www.twincities.com
Distributed by MCT Information Services