In the aftermath of the TARGET breach announced last month, there has been much talk of how to respond to large-scale breaches of this type. Lawmakers are eager to write legislation to increase the FTC’s enforcement powers and create a national breach notification standard. But if the congressional response focuses entirely on breach notification and on strengthening the hand of the FTC, then Congress will be, well, off-target. As I write in the IAPP’s Privacy Perspectives today, it is not enough to improve our ability to clean up the mess after a breach occurs – we also need to focus on doing more at the front end to identify and punish hackers and to stop stolen data from ever being used.