WASHINGTON -- A broad coalition of national and state associations representing retailers and other merchants have sent a letter to congressional leaders calling for federal legislation to establish a single national standard for notifying consumers when a business suffers a breach of security involving financial data or other sensitive personal information.
The letter, signed by 44 organizations, urged Congress to pass comprehensive data security legislation that would apply to all businesses, including financial institutions, merchants, payment card processors, technology companies and telecommunications providers. The group supports federal legislation that would standardize and streamline data breach notification rules so the public is promptly informed when breaches occur.
"Any legislation to address these threats must cover all of the types of entities that handle sensitive personal information," the letter said. "Exemptions for particular industry sectors not only ignore the scope of the problem but create risks criminals can exploit."
Some data breach notification proposals Congress is considering would only require merchants collecting payment card numbers to notify consumers of a breach while exempting other entities in the payments system including card processors, financial services companies and telecommunications providers.
The merchant letter cited the annual Verizon 2014 Data Breach Investigations Report that showed retailers accounted for 10.8% of data breaches in 2013 while the financial services industry accounted for 34%.
While a vote on data breach legislation is not expected during the remaining weeks of this Congress, the merchant coalition insists that any new legislation cover all entities involved in the handling of consumers' sensitive personal information.
"Consumers deserve to know when they are placed at risk regardless of where the risk arises. The public expects no less," the letter observed. "Congress should act to standardize reasonable, timely notification of sensitive data breaches whenever and wherever they occur. However, legislation that would demand notice of some sectors while leaving others largely exempt will unfairly burden the former and unnecessarily betray the public's trust."
NRF has long supported federal legislation that would replace the varying breach notification laws in 47 states and four federal jurisdictions with a uniform national standard.
Industry groups among the signers included:
- Conexxus
- Florida Petroleum Marketers & Convenience Store Association
- Georgia Association of Convenience Stores
- Independent Oil Marketers Association of New England
- National Association of Convenience Stores
- National Association of Truck Stop Owners
- New York Association of Convenience Stores
- North Dakota Petroleum Marketers Association
- Petroleum Marketers Association of America
- Petroleum Marketers & Convenience Stores of Iowa
- Society of Independent Gasoline Marketers of America
- Virginia Petroleum Convenience & Grocery Association
- West Virginia Oil Marketers & Grocers Association
Members help make our journalism possible. Become a CSP member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.