[BreachExchange] Retailers Cite Equifax as Need for Uniform Data Breach Law

Destry Winant destry at riskbasedsecurity.com
Wed Sep 13 22:25:32 EDT 2017


http://www.businesswire.com/news/home/20170913006244/en/Retailers-Cite-Equifax-Uniform-Data-Breach-Law

WASHINGTON--(BUSINESS WIRE)--The National Retail Federation and other
industry associations are telling Congress that any new federal law on
data breach notification should apply to all industries that handle
consumer data, citing the recent breach at the Equifax credit
reporting agency.

“The fact is that hackers do not discriminate as to the type of
business they attack,” NRF and the other groups said in a letter to
House and Senate leadership of both parties. “Every industry sector –
whether consumer-facing or business-to-business – faces data security
threats that may put consumer data at risk.”

“To protect customers and ensure effective public policy, Congress
should ensure that any federal breach notification law applies to all
affected sectors and leaves no holes in our system for some industries
that criminals can exploit,” the letter said.

The letter was signed by NRF, NRF’s National Council of Chain
Restaurants, and associations representing convenience stores, truck
stops, gasoline stations, grocers, real estate agents, franchises and
the travel industry.

Citing the 2017 Verizon Data Breach Investigations Report, the letter
noted that the financial services industry accounts for 24.3 percent
of all data breaches while retail represents only 4.8 percent. More
than 80 percent of all breaches take place in industries other than
those signing the letter.

The letter asked for a uniform national law to replace existing state
laws, reasonable data security standards, Federal Trade Commission
enforcement, and a requirement that all breached entities be obligated
to notify consumers when they suffer a breach of sensitive information
that creates a risk of identity theft or financial harm.

Equifax announced last week that it had been the victim of a massive
data breach that compromised information ranging from names to Social
Security numbers for as many as 143 million individuals. The breach,
which began in mid-May, was discovered on July 29 but not disclosed
for more than a month.

NRF has long called for a uniform federal data breach law to replace
separate and often-conflicting laws in 48 states and the District of
Columbia that are confusing for consumers and create compliance
challenges for multi-state retailers. NRF has argued that the new
federal law should cover banks, card processors, telecommunications
companies and all other entities that handle sensitive consumer data,
not just retailers. By contrast, banks and other industries have
pushed for breach notification legislation that would subject
retailers to stringent bank-style security rules while banks
themselves would be subject only to discretionary guidance.

NRF is the world’s largest retail trade association, representing
discount and department stores, home goods and specialty stores, Main
Street merchants, grocers, wholesalers, chain restaurants and Internet
retailers from the United States and more than 45 countries. Retail is
the nation’s largest private sector employer, supporting one in four
U.S. jobs – 42 million working Americans. Contributing $2.6 trillion
to annual GDP, retail is a daily barometer for the nation’s economy.
NRF.com

