WASHINGTON — A new U.S. Chamber of Commerce survey has found that 86 percent of voters support a national standard to replace a patchwork of state regulations for companies notifying consumers when they are hit by data security breaches.
The survey, conducted by Public Opinion Strategies for the Chamber, found that 45 percent of the respondents have been notified that their information could have been affected by a data breach.
Lawmakers have been considering various data-breach bills among heightened concerns following massive data breaches that have hit several major retailers in the past few years, including Target Corp., Neiman Marcus Group and Home Depot Inc., that compromised the personal data of millions of consumers.
Retailers, which have supported some of the measures and opposed others, have been strong advocates of a national federal breach-notification standard to replace a patchwork of state laws that retailers must meet when data security breaches are discovered and consumer financial and personal data compromised. The Obama administration is also calling on Congress to pass legislation establishing a national standard.
Scrutiny of cyber attacks has been on the rise. In 2013, Target suffered a massive data breach that may have compromised the personal information of as many as 70 million people, in addition to credit- and debit-card information of up to 40 million customers.
Another high-profile attack involved a breach at Neiman Marcus that potentially affected 1.1 million consumers.
The survey released Wednesday examined the public’s views on the problem of data breaches and the growing litigation associated with it. It found that the “vast majority” of those surveyed think data breaches are “inevitably” going to impact major companies.
Public Opinion surveyed 800 voters throughout the U.S. by phone from Oct. 7 through Oct. 12. Nearly 75 percent of those surveyed said they worry “a lot” or “some” about the security of their personal information while shopping online, an increase of 10 percent from a survey conducted by CNBC in 2014. Sixty-four percent said they worry about personal information security when shopping in stores.
The survey found strong support for a national standard on when and how retailers must notify customer customers of a data breach, with 68 percent saying they side with proponents.
Survey participants heard the rationale of proponents that a single standard would ensure customers are notified swiftly and there would be less confusion than there is with a patchwork of state requirements. They were given an example that “California’s laws are in direct conflict with Massachusetts’ law and in one state, a company has 90 days to notify customers, while in other it is significantly less.”
Twenty-six percent said they preferred the view of people who oppose the proposal and believe in a state’s right to establish data-breach notification standards and that the federal government should not mandate a single standard. In terms of litigation, 84 percent said they support reining in investigations and lawsuits by passing consumer protection laws that address data privacy and do not allow government regulators and lawyers to rely on older laws.
Seventy percent of respondents said companies that take steps and invest in cyber security protections but are still victims of attacks should not be sued, and 75 percent said companies that respond to data breaches and notify customers quickly, provide free credit monitoring and fix the problems should not be sued.
Sixty-nine percent said they would limit class-action lawsuits to “people who have personally suffered identity theft, fraudulent activity in bank or credit-card accounts or other financial harm.” Thus mere exposure would “not constitute harm.”