Skip to main content

NRF renews call for data breach law


The National Retail Federation reiterated its support Jan. 27 for a federal data breach notification standard as a congressional panel held a hearing on this issue, saying legislation should provide consumers with notice whenever a data breach occurs.

“A single uniform national standard for notification of consumers affected by a breach of sensitive data would provide simplicity, clarity and certainty to both businesses and consumers alike,” NRF Senior Vice President for Government Relations David French said. “A federal breach notification law would ensure reasonable and timely notice to consumers while providing clear compliance standards for businesses.”

French’s comments came in a letter to members of the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade, which is holding a hearing Jan. 27 on what should go into a notification bill.

For the past decade, NRF has called on Congress to pass a federal data breach notification law that would cover all entities that receive, handle and maintain sensitive personal information. NRF believes a national standard would provide retailers a practical framework to handle consumer notification and must preempt the 47 disparate state data breach notification laws retailers now comply with.

“If Americans are to be adequately protected and informed, any legislation to address these threats must cover all of the types of entities that handle sensitive personal information,” French said. “A federal notice obligation applying to all breached businesses would also create significant incentives across industries to invest in technologies to better protect data and to respond appropriately to breaches whenever and wherever they occur.”

“Regrettably, there are those who are spending time and resources casting blame on the victims of cybercrime, but retailers are actively engaged every day in efforts to protect their customers against those who commit the crimes,” French said commenting on the hearing. “Whether pushing for Chip and PIN credit cards or voluntarily and proactively initiating information-sharing platforms, retailers are less interested in finger pointing and far more interested in collaborating with multi-industry stakeholders and law enforcement to stop these crimes from happening in the first place.”

This ad will auto-close in 10 seconds