In the wake of last year’s disastrous Equifax data breach and its subsequent cover-up, the National Retail Federation (NRF)—the world’s largest retail trade association—and other groups are demanding that any new data breach notification law passed by Congress should apply to all industries and “leave no holes.”
“American consumers want to know if their data has been breached no matter where the breach occurs,” NRF vice president and senior policy counsel Paul Martino said. “No industry should be allowed to keep its data breaches secret.”
On Wednesday, February 14th, the House Financial Services Committee held a hearing on data breaches amidst concerns about a repeat of 2015’s unsuccessful legislation, which would have allowed financial institutions to withhold data breach information. At the hearing, banks were represented while retailers were not. The Committee did not reach any resolution on Wednesday, and, currently, no new hearings have been scheduled.
“Every industry sector–whether consumer-facing or business-to-business–suffers data security breaches that may put consumer data at risk,” a letter from the NRF to the Financial Services Committee said. “To protect consumers comprehensively wherever breaches occur, Congress should ensure that any federal breach notification law applies to all affected industry sectors and leave no holes.”
The NRF’s statement echoes its longstanding advocacy for a uniform federal data breach law rather than the current state-by-state laws, which often conflict with one another, create confusion and cause compliance challenges for multi-state retailers. In its advocacy for retailers, the NRF stands against the push by banks and other industries for legislation that would make data breach notifications mandatory for retailers but not the banks themselves.