Sen. Richard Blumenthal (D-CT) said Tuesday that customers should be able to sue for negligence and get compensated for the harm that they suffer when companies lose their sensitive personal information.“I happen to believe that there ought to be a private right of action, and I’ll be interested to know whether the witnesses agree that citizens who are potentially harmed, and can show damage should be able to go themselves to court and seek remedies,” Blumenthal said in a Senate Judiciary Subcommittee cybersecurity hearing.
The comment is notable because computer security analysts have said that many hacking incidents in the private sector could easily have been avoided had it not been for shoddy security practices at the institutions.
On Sunday, for example, computer security and cryptography expert Bruce Schneier pointed to a recent credit card data breach at Citigroup and called it “embarrassingly stupid” and “kindergarten security they got wrong.”
Many states with data protection laws give consumers a private right of action, including California, which was one of the first states to enact such legislation.
Congress is working on federal legislation that would pre-empt state law and provide one standard that would protect consumers.
Blumenthal’s comments were part of a longer cybersecurity hearing that examined the Obama administration’s proposed cybersecurity legislation, which encompasses consumer data protection.
The witnesses at the hearing, including officials from the Departments of Commerce, Justice and Homeland Security, didn’t appear enthusiastic about Blumenthal’s idea.
James Baker, associate deputy attorney general, noted that companies whose databases have been hacked “are victims of crime,” but that he understood that lawmakers must create the right balance of incentives to ensure that companies were undertaking the necessary security measures.
Blumenthal, who was Connecticut’s attorney general before being elected to the Senate, responded that companies may well be victims of crime, but that some of them suffered from the crime because they left “their doors open.”
“I believe that remedies should be greatly enhanced,” he said. “There is a very real need for stronger, and more effective remedies to help mitigate any ongoing damages, or to provide relief to people who suffered harm.”