A United States House subcommittee has scheduled a hearing to examine data protection issues following the massive breach of Sony's PlayStation Network and Qriocity services which compromised the personal information of 77 million gamers.
The House Subcommittee on Commerce, Manufacturing, and Trade, chaired by Republican Mary Bono Mack called the hearing to examine the threat of data theft to American consumers in light of Sony's breach.
It will also call in to question the network intrusion at email marketing services provider Epsilon.
Bono Mack announced that she intends to introduce a federal data security bill later this year that would provide consumers with additional safeguards, including a provision that they must be notified if their personal information is compromised. Similar notification laws are on the books in most US states.
A national data breach notification law has been in the works for a number of years. Several versions have made the rounds, but nothing has cleared both chambers.
Notification laws have similarly floundered in Australia.
Though Sony is facing mounting scrutiny after waiting several days to inform customers about its recent breach, company executives do not plan to testify.
Sony executives declined because the company's internal investigation into the breach is still ongoing, but the company has agreed to provide written responses to questions posed by Bono Mack.
In a letter sent to Sony's chairman, Bono Mack wants to know how the breach occurred, why Sony waited to notify customers, and what steps the company has taken to prevent a recurrence (PDF).
Sony revealed that attackers stole personal data belonging to PSN and Qriocity users, roughly a week after both services went offline. A recent investigation into the breach has turned up further compromise, which may affect an additional 25 million users of Sony's online gaming portal, known as Sony Online Entertainment.
“I am deeply troubled by this latest data breach,” Bono Mack said in a statement. “It reinforces my long-held belief that much more needs to be done to protect sensitive consumer information. Most importantly, Americans should be quickly informed when their personal information has been hacked, especially in instances like this where there is an obvious potential for large-scale identity theft."
