Mandate quick data-breach reports, Eric Holder says

WASHINGTON — Attorney General Eric Holder is urging Congress to require businesses to quickly alert consumers and law enforcement agencies of significant data breaches like the ones at Target and Neiman Marcus.

In a video posted Monday on the Justice Department’s website, Holder called on Congress to create a national standard for notifying consumers whose information may have been compromised, so people can protect themselves from identity theft.

Holder said that congressional action would let law enforcement agencies investigate such crimes thoroughly and would hold companies accountable when they fail to safeguard sensitive information.

Holder said there should be exemptions for harmless breaches to avoid placing unnecessary burdens on businesses that act responsibly.

The comments followed a Feb. 4 Senate Judiciary Committee hearing at which executives from Target and Neiman Marcus were pressed about how quickly they notified customers of breaches.

The Justice Department told Target executives on Dec. 12 of suspicious activity involving payment cards, and the company started an investigation, removed malware, and publicly announced the data theft on Dec. 19, said John Mulligan, executive vice president and chief financial officer at the number two US retailer.

A processing firm told the luxury retailer Neiman Marcus of a problem on Dec. 13, the company’s investigators made a report on Jan. 2, and customers were notified on Jan. 10, said Michael Kingston, senior vice president and chief information officer at Neiman Marcus Group.

Legislation in line with Holder’s comments, advanced by Patrick Leahy, Senate Judiciary Committee chairman and Democrat of Vermont, would establish a national standard for companies to follow in notifying consumers after a data breach. The White House has been calling for such a law for several years.

One White House proposal would require companies that collect information about more than 10,000 people over 12 months to notify any individual whose sensitive information is improperly accessed or stolen “unless there is no reasonable risk of harm or fraud.” The proposal also would require notice to the government and the news media if the breach affects 5,000 or more people.

Earlier this month, the administration released a 39-page guide urging vital industries like transportation, finance, health care, and energy to assess their risk from cyber attacks and take action to close gaps.
