Merchant Associations Urge Passage of Breach Notification Legislation (Nov. 6, 2014)
A group of state and national merchant associations, 44 in all, sent a letter to congressional leaders today calling for the establishment of a single, national standard for notifying American consumers when businesses suffer a breach of security involving financial data or other sensitive personal information. The letter was addressed to Senate Majority Leader Harry Reid (D-Nev.), Senate Minority Leader Mitch McConnell (R-Ky.), Speaker of the House John Boehner (R-Ohio) and House Minority Leader Nancy Pelosi (D-Calif.).
The merchant coalition is urging Congress to pass data security legislation that would apply to all businesses, including financial institutions, merchants, payment card processors, technology companies and telecom providers. The group is asking for federal legislation that would standardize and streamline data breach notification rules so the public is promptly informed when breaches occur.
Some data breach notification proposals being considered by Congress only would require merchants collecting payment card numbers to notify consumers of a breach, while exempting other entities in the payments system, including card processors, financial services companies and telecom providers, according to a National Retail Federation press release. “Any legislation to address these threats must cover all of the types of entities that handle sensitive personal information,” the letter said. “Exemptions for particular industry sectors not only ignore the scope of the problem but create risks criminals can exploit.”
The NRF has been a long-time supporter of federal legislation that would replace with a uniform national standard the various breach notification laws in 47 states and four federal jurisdictions.
See related stories:
