Some lawmakers may have President Obama’s back on the topic of data security. Earlier in the year, Obama called for a federal standard for people to receive notification within 30 days of a breach. The measure would replace differing laws in 47 states.
“This is a direct threat to the economic security of American families and we’ve got to stop it,” Obama said. “If we’re going to be connected, then we’ve got to be protected.”
In a Senate hearing last winter, Mallory Duncan, senior vice president and general counsel for the National Retail Federation (NRF), Washington, D.C., confirmed the group’s support for a uniform, national data-breach notification law.
Testifying before the Senate Commerce, Science and Transportation Committee’s Subcommittee on Consumer Protection, Duncan did emphasize, however, that exceptions to that rule might “create risks criminals can exploit.”
Versions of current proposals have exemptions that shield third-party processors, cloud-services companies and other service providers from compliance, she said. The NRF also developed six ways it believes the administration can help secure data:
- Support the immediate passage of federal fraud protection for debit cards, similar to what exists for credit cards. Americans should not have to pay more for fraud protection.
- Call on the payment-card industry to stop relying on fraud-prone signatures and issue personal identification number (PIN) and chip cards for all Americans with credit cards.
- Encourage all entities in the payments system—not just retailers—to adopt point-to-point encryption to protect consumers’ payment information throughout the entire payments chain.
- Endorse the development of open, competitive tokenization standards to replace consumers’ sensitive personal data (including payment card data) with non-sensitive “tokens” so that stored information is useless to would-be hackers.
- Continue support for a single national data-breach notification law that would establish a clear disclosure standard for all businesses to inform consumers of breaches whenever and wherever they occur.
- Support the passage of federal law-enforcement legislation that would aid in the investigation and prosecution of criminals that breach businesses’ networks and harm consumers.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.