WASHINGTON -- The U.S. House Energy & Commerce Subcommittee on Commerce, Manufacturing & Trade, chaired by Rep. Michael C. Burgess (R-Texas), held a hearing to discuss the need for federal data breach legislation and what that legislation should look like.
The key issues raised in the hearing, "What Are the Elements of Sound Data Breach Legislation?", included the need for a single federal standard, the timing of a consumer notification standard and trigger for enforcement.
"Increasingly, our personal details--which we need to verify financial transactions--are converted into data and uploaded to networks of servers that can't be protected with a simple lock and key," said Burgess.
"A single requirement across the states would give companies some confidence that their methods are sound in handling electronic data, an inherently interstate activity. Moreover, it would put all companies on notice that if you fail to keep up with other companies and if you aren't learning from other breaches, you will be subject to federal enforcement," he said.
Brian Dodge, testifying for the Retail Industry Leaders Association (RILA), described the difficulty retailers currently face in complying with a complex system of duplicative and sometimes conflicting state laws.
"RILA supports federal data breach notification legislation that is practical, proportional and sets a single national standard that replaces the often incongruous and confusing patchwork of state laws in place today. A single, clear, preemptive federal standard will help ensure that customers receive timely and accurate information following a breach," said Dodge (click here to view his full testimony).
The National Association of Convenience Stores (NACS) and the Society of Independent Gasoline Marketers of America (SIGMA) said that they have been working closely with policymakers to ensure that any data security and consumer notification standards are fair, apply to all parties equally and actually protect the consumer.
As part of this ongoing effort, NACS and SIGMA submitted written testimony for the hearing record (click here to view the testomony).
Their testimony explained the interest its members have in data breach legislation, noted how the payment card system affects the data security efforts of their members, provided a brief overview of the background and current status of data breach laws and delineated the elements of future data breach legislation that they consider to be most important.
In particular, the testimony called for legislation to set a level playing field so that no one sector of the economy is overly burden with legal responsibilities; to be flexible so it can address different data breach circumstances; to avoid a punitive approach that punishes companies that are hacking victims; and to pre-empt state laws.
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.