In the aftermath of the TARGET breach announced last month, there has been much talk of how to respond to large-scale breaches of this type. Lawmakers are eager to write legislation to increase the FTC's enforcement powers and create a national breach notification standard. But if the congressional response focuses entirely on breach notification and on strengthening the hand of the FTC, then Congress will be, well, off-target. As I write in the IAPP's Privacy Perspectives today, it is not enough to improve our ability to clean up the mess after a breach occurs – we also need to focus on doing more at the front end to identify and punish hackers and to stop stolen data from ever being used.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.