The recent data security breaches at Target, Neiman Marcus, and a few other retailers has been a catalyst to Congress restarting talks about a federal data privacy law. Currently, there are pending bills in both the House and Senate. On the civil side, the bills set minimum standards for data security and obligations for reporting data security breaches. On the criminal side, there would be increased penalties for anyone engaged in hacking into a system and stealing personal information.
While the bills task the Federal Trade Commission with the enforcement of the new law, what remains to be seen is whether the new law will include a private right of action for citizens that are harmed because of a data breach.