Thursday, March 15, 2018
In a March 7, 2018, meeting with U.S. House Financial Services Committee members, the National Retail Federation urged the committee to rewrite proposed legislation pertaining to data breach notifications. The NRF, which has long pushed for uniform data breach legislation, called the bill a good effort that falls short of protecting retailers. At issue are a "one-size-fits-all" approach and an overly protective stance toward select parties, according to NRF Vice President and Senior Policy Counsel Paul Martino.
Martino found loopholes in the bill's first draft that he claimed would exempt financial institutions and third-party service providers from punitive actions, as well as allow organizations to hide major data breaches from public view. "We want to work with the committee to develop an airtight bill that covers all industries and ensures that all data breaches are subject to notification no matter where they occur," he stated.
Proposed guidelines introduced by Reps. Blaine Luetkemeyer and Carolyn Maloney call for federally enforced data security and data breach notifications overseen by the Federal Trade Commission. Ideally, these uniform protections would create a flexible, technology-neutral data security standard. They would also require breached parties to notify consumers and law enforcement immediately when personal information has been stolen or compromised.
In a March 7, 2018, letter, the NRF and other retail organizations, collectively representing more than a million U.S. consumers, petitioned the House Financial Services Committee to include four critical principles in the proposed data breach legislation: create a uniform, national law; set reasonable security standards; maintain appropriate enforcement; and notify all breached entities. They also brought up the following issues:
In addition, the authors voiced concerns that the legislation sets an "immediate" standard for notice that they believe may be unachievable. The letter was signed by the following parties:
NRF representatives maintained that varying approaches to data breach enforcement in 48 states are inconsistent and conflicting, which can be confusing for consumers and multistate retailers. The association is calling for a uniform federal law that holds banks, card processors, telecommunications companies and other entities equally responsible for managing sensitive consumer data.