In what could be the largest data breach of a healthcare company to date, Anthem continues reeling from news last week that up to 80 million customers could have had their personal data stolen. Tuesday at the Statehouse, Indiana Attorney General Greg Zoeller made his case before lawmakers.
“If you want to wait for the federal government to act, I suggest that’s not something that I would support,” he told lawmakers.
Zoeller is pushing legislation that would force companies like Anthem to limit how long personal data is stored and to notify customers faster.
“I think the larger companies that collect very personal data need to spend more money frankly to protect it at the front end,” Zoeller said. “And do things to clean it up, so they’re not storing things they may not really need.”
Lynn Toops, an Indianapolis class action attorney at Cohen and Malad, is suing Anthem in what she hopes will become a class action lawsuit. A number of lawsuits have been filed nationwide.
“The impact is just going to be enormous and devastating for the consumer,” Toops said. “If any good can come from this, it’s that there needs to be more laws and more accountability to these consumers, and that’s what we’re doing with this lawsuit, first and foremost is to hold Anthem accountable.”
Last year in Indiana, Zoeller said 395 data breaches were reported.
At Tuesday’s hearing before the Senate Homeland Security & Transportation Committee, several privacy experts urged stronger laws.
“In its current state, I don’t believe this would have prevented what happened at Anthem,” J.J. Thompson said, founder of Rook Security.
Critics, though, question whether businesses should be held liable for theft.
“Companies should be given a little credit for operating diligently,” Mark Shublak said, with Ice Miller Public Affairs representing TechPoint.
Zoeller said the immediate concern passing initial protections for consumers at a state level, like other states nationwide have.
“The latest data breach on Anthem has gotten everyone’s attention,” he said. “But I want to make it clear we’ve had a lot of this over the past year alone.”
In a statement, an Anthem spokesperson said, “As with any legislation that may have an impact on our customers, we’re monitoring the debate surrounding this proposal.”
The bill still has its hurdles. Final language is still being worked on.
Zoeller said his office has been hearing from a lot of stakeholders including companies and privacy experts.