RAPAPORT... The National Retail Federation (NRF) along with 43 other organizations urged U.S. Congress to immediately pass a comprehensive breach notification law to establish a national standard for notifying consumers when a business suffers a security breach involving financial data or other sensitive personal information. The proposal would apply to all businesses, including financial institutions, merchants, payment card processors, technology companies and telecommunications providers -- for any exemption empowers criminals. The group supports federal legislation that would standardize and streamline data breach notification rules so the public is promptly informed when breaches occur. Some of the data breach notification proposals that are being considered in Congress only require those merchants collecting payment card numbers to notify consumers of a breach, which is not good enough, the groups warned, citing the annual Verizon 2014 Data Breach Investigations Report that showed retailers accounted for 10.8 percent of data breaches in 2013, while the financial services industry accounted for 34 percent. Consumers deserve to know when they are placed at risk regardless of where the risk arises. The public expects no less, the group stated. “Congress should act to standardize reasonable, timely notification of sensitive data breaches whenever and wherever they occur. However, legislation that would demand notice of some sectors while leaving others largely exempt will unfairly burden the former and unnecessarily betray the public’s trust,” according to the group. NRF has long supported federal legislation that would replace the varying breach notification laws across 47 states and four federal jurisdictions with a uniform national standard.
|