ms. mcguire, her testimony suggests that any notification standard should minimize notifying individuals about breaches in which their personal information was rememberedderred unusable -- rendered unusable before it was stolen. ms. weinman suggests that the exposure of unreadable data would not result in risk, therefore, notice would not be appropriate. and i'm wondering kind of what your thoughts are in the wisdom of including usability reference in breach notice legislation and perhaps how the illinois state law approaches that issue. >> it's the right thing to do. i agree with both of them on that front. in illinois' law if the information is encrypted, you don't get notification of the breach. what we need to look to as we've seen this in some of the breaches taking place is encrypted information has been compromised, and the encryption key has also been stolen. in those circumstances when you can unencrypt then there should be notice. but if it's encrypted if it's unusable unreadable notification does not need to take place under illinois' law. >> okay, great. mr. chairman, thank yo

ms. mcguire, you're talking about a risk-based analysis. i would like you to elaborate. >> along the same lines of what kind of data has been breached and what the risk is to the consumer or the organization that might have been part of that, as i stated in my statement, we believe a component of that statute is to be that the data has been rendered unreadable or unusable the encryption or other technologies, so that if the data has been accessed, it is meaningless to the perpetrator. that is a key component. >> that is your line? >> yes. >> attorney general madigan maybe take some time to elaborate on that. >> i do not think there is any such thing as over notification going on at this point. notification keeps consumers alert to the possibility of identity theft. it certainly depends on what other information criminals may have access do in terms of what they could be using, information we would deem individually not to pose risk to them. but it could potentially of combined with other information. there is no over notification going on a

ms mcguire you know there are numerous reports to gauge it back after the two attack. son-in-law of them have a different. for its require u.s. i.f. company to tirn. independence cluging. as strange for market access. are you concerned that such information in the hands of well we could call. he already rickses. where. having to tougher over any of our keckstially. we believe that that is >> we are concerned about having to turn over any of our intellectual property to any country. we believe that that is an infringement on our ownership of our intellectual property that we had clearly spent extensive resources to develop. we should be allowed to protected accordingly. as it is passed to a second party, it does expose us to potential vulnerability. in short, we believe we should not have to share intellectual property. >> there are instances i believe where companies are being pressured by foreign governments to share that property. do you know how prevalent that is? >> there are some new requirements. actually, some not so new requirements in some countries. i cannot

ms. mcguire suggested any notification standard should notify customers of their data before it was stolen. ms. wyman suggests it will not result in risk and a notice not be appropriate. i wonder what your thoughts are. also, how the illinois state law approaches that issue. >> it is the right thing to do. i agree with both of them. illinois law, you do not get notification of the breach of the information is encrypted. what we need to see is encryption information has been compromised. if it is encrypted, unusable unreadable, notification does not need to take place. >> thank you. >> thank you very much, mr. chairman. thank you for holding this important hearing. one of our major retailers experienced a breach and i think there is a day that is not go by that we do not hear about another cyber attack. in fact, last night, the media reported the anthem was breached inand as many as 80 million customers could have had their account information stolen. these cyber attacks our increasing in scope. i hope, given that we have already had a hearing, and i appreciate the senators leadership. i ho

ms. mcguire suggested any notification standard should notify customers of their data before it was stolen. ms. wyman suggests it will not result in risk and a notice not be appropriate. i wonder what your thoughts are. also, how the illinois state law approaches that issue. >> it is the right thing to do. i agree with both of them. illinois law you do not get notification of the breach of the information is encrypted. what we need to see is encrypted information -- encryption information has been compromised. if it is encrypted, unusable unreadable, notification does not need to take place. >> thank you. >> thank you very much, mr. chairman. thank you for holding this important hearing. one of our major retailers experienced a breach and i think there is a day that is not go by that we do not hear about another cyber attack. in fact, last night, the media reported the anthem was breached inand as many as 80 million customers could have had their account information stolen. these cyber attacks our increasing in scope. i hope, given that we have already had a hearing, and i appreciate the s