Senator Mark Pryor, from Arkansas, has sent a letter to the U.S. Federal Trade Commission asking for an investigation into the Epsilon data breach. The Senator is both concerned about a potential rise in phishing attacks and:
"... whether Epsilon's data security procedures and actions post-breach are consistent with its obligations under the Federal Trade Commission Act or other laws you enforce... This breach underscores the importance of requiring strong data security safeguards and data breach notification standards..."
You can download the Senator's entire letter (PDF format). Other Senators are concerned.
In a separate action, Senators Al Franken (Minnesota) and Richard Blumenthal (Connecticut) sent a joint letter to the U.S. Justice Department listing their concerns about data security and privacy, that were prompted by both the Epsilon data breach and:
"... an investigation by the U.S. Attorney's Office of New Jersey into allegations that certain smart phone applications were collecting sensitive consumer information and disclosing it to third parties unbeknown to consumers..."
That investigation reportedly includes subpoenas served at several Internet companies, including Pandora and Google, about smartphone privacy. The Senators are concerned about posible violations of the Computer Fraud and Abuse Act (CFAA), and limitations of the CFAA that need to be strengthened:
"... we ask that you clarify the Department's understanding of the scope of the CFAA's consumer protection provisions, update the Department's prosecutorial guidance for the statute, and indicate to us where additional funding or legislation may be needed."
Those potential CFAA limitations include not only on insider identity theft -- where employees assist or participate in the data breach or hacking-- but only on digital privacy and smart phone. The Senators asked this about smart phones:
"... we also think it is important for all prosecutors to be aware that the Computer Fraud and Abuse Act protects more than traditional desktop and laptop computers. The definition of "computer" in the CFAA is a broad one and the U.S. Court of Appeals for the Eighth Circuit recently affirmed that the CFAA protects smartphones and a broad range of other electronic devices."
You can download the letter from Senators Franken and Blumenthal (PDF format).