As more of our daily activities move online, more of our personal data moves over the Internet. And more data means more data breaches.

It’s too soon to tell if there are any Mainers among the 320,000 Time Warner Cable customers whose email passwords were recently snatched, but wherever the unlucky ones are, they have been made very vulnerable.

Social Security and credit card numbers are the kinds of things a hacker might be able to extract from an email file, and if the account holder used the same password for other websites, confidential banking and medical records are also at risk.

So are the account owners’ contacts, who may already be receiving innocent-looking emails with links that would introduce malware to the receiver’s computer, spreading the mayhem.

There were at least 766 reported data breaches in the nation last year, compromising the security of hundreds of millions of records. One of the biggest targets was the health care industry, where 121 million records were accessed by hackers, including 79 million records from the breach in the systems of a single company — Anthem Inc.

If people could choose to keep all of their personal information off the Internet, this might not be such a serious problem. But that is neither possible nor desirable in an economy that gets more efficient as the speed of information increases.


The responsibility to keep the information secure is firmly on the shoulders of the companies that benefit from electronic commerce. But there also is a role for government.

Most states, including Maine, have laws that require businesses and institutions to notify consumers when their data has been breached, but there is still no federal law that requires notification.

Congress debated four bills last year that would create a federal standard for information security, but it could not agree on a unified approach. A sticking point was that Republican sponsors wanted any act to supersede tougher state laws, while Democrats wanted a federal law that would set a minimum standard for security but not one that would pre-empt state law.

A minimum federal standard is consistent with other information protection laws that precede the invention of the Internet. If members of Congress are concerned that companies would still have to navigate a patchwork of laws, they could make sure the minimum standard is the same as the toughest of the state rules.

Laws that require companies to notify consumers when their data has been compromised won’t end data breaches, but they will contain the damage. Government at all levels should make sure that sensitive information is secure.
