MONTGOMERY, ALA. (January 17, 2014) – Beasley, Allen, Crow, Methvin, Portis & Miles, P.C., Founding Shareholder Jere L. Beasley says legislation introduced in the U.S. Senate this week appears to provide consumer protections in the event of security breaches like the recent Target data theft, but actually undermines their right to justice through the court system. The Data Security Act of 2014 was introduced Jan. 15 by Sens. Tom Carper (D.-Del.) and Roy Blount (R-Mo.).
The stated purpose of the bill is to require companies that accept credit or debit card payments to have policies and procedures in place to protect their data from hackers, to respond to any security breaches should they occur, and to alert consumers of the breach. While that sounds reasonable, the bill actually protects the retailers. If a huge retailer complies with the Act it would be immune from liability for any wrongdoing. It also appears that banks, card companies and other financial institutions are not covered by the Act. Additionally, all state causes of action are preempted by the Act, and the Act expressly bans any private cause of action. In other words, no victim could file a lawsuit under state law or in a state court regardless of how bad the conduct was. Also, the Act would ban class action lawsuits.
“This legislation is designed to hurt the consumer,” Mr. Beasley says. “I believe the aim of this legislation is to prohibit an individual from filing a lawsuit and ban class actions. Essentially this means you – the victim – cannot file a lawsuit under state law to seek justice for your losses or to hold accountable those who allowed your information to be compromised. The 110 million Target victims should let their senators know that this is not a consumer-friendly bill.”
Beasley Allen filed two lawsuits related to the major security breach at Target stores that began on or around Nov. 27, just before “Black Friday,” and continued through at least Dec. 15, which allowed hackers access to customers’ credit and debit card information. Beasley Allen filed a class action lawsuit on Dec. 20 on behalf of consumers whose information was compromised. A second class action lawsuit was filed Dec. 30 on behalf of Alabama State Employees Credit Union for financial losses resulting from defrauded deposits of financial institution members and customers, as well as costs associated with closing accounts, reissuing new checks, debit cards and credit cards as a result of Target’s data breach.
Mr. Beasley believes the public has only seen “the tip of the iceberg” when it comes to breaches of their personal information. Shortly after Target admitted customer credit and debit card information was stolen from the point of sale systems in its stores, it also admitted additional personal information had been stolen from even more customer accounts, including names, addresses and email addresses. Another retailer, Neiman Marcus, also recently admitted its computer network was hacked as far back as July, and only in the past week was the hack discovered and contained.
“It has been happening, but not to this scale,” Mr. Beasley said. “And hackers are not going to stop. The Federal Trade Commission and Congress have a direct responsibility to change our system, and until they do it, it’s open season,” he says.
Read the Data Security Act of 2014.