CIOs take it on the chin at House hearing
CIOs took it on the chin at a hearing on Capitol Hill Wednesday, as lawmakers chastised businesses for not doing more to keep their customers' personal data secure. Executives from Epsilon and Sony were asked to testify at the hearing--in the wake of their massive data breaches--but both companies declined the invitation.
Lawmakers--and particularly Rep. Mary Bono Mack, who held the hearing as chair of the Commerce, Manufacturing and Trade subcommittee--expressed dismay that Sony customers were not notified sooner following the breach of the PlayStation Network, in which 77 million accounts were broken into and approximately 10 million credit cards were stolen. Bono Mack criticized the company for using a blog to first reveal information about the breach.
"Sony put the burden on consumers to 'search' for information, instead of accepting the burden of notifying them. If I have anything to do with it, that kind of half-hearted, half-baked response is not going to fly in the future," she said at the hearing.
Bono Mack said she plans to introduce a bill to ensure that consumers are given prompt notification when their personal data is in jeopardy. "We need a uniform national standard for data security and data breach notification, and we need it now," she said.
Consumer advocates urged lawmakers to pursue legislation that gives companies greater incentives to protect data. The combination of today's notification laws, financial costs and reputational costs may not be sufficient motivation, said Justin Brookman, director of Consumer Privacy at the Center for Democracy & Technology.
"Any federal action on data breach should be a mix of requirements and incentives for both companies and government bodies to install sufficient front-end data security measures, to minimize their holdings of consumer data that is no longer necessary for a specific, legitimate purpose, and to develop structures that monitor and control where consumer data resides," Brookman said.
Officials from the Secret Service, Federal Trade Commission and Purdue University also testified at the hearing.
For more:
- see a statement by Rep. Mary Bono Mack
- see witnesses' testimony from the hearing