Broad Merchant Coalition Urges Passage of Comprehensive Breach Notification Legislation

44 Organizations Sign Letter to Congressional Leaders

WASHINGTON--()--A broad coalition of national and state associations representing retailers and other merchants sent a letter today to congressional leaders calling for federal legislation to establish a single national standard for notifying American consumers when a business suffers a breach of security involving financial data or other sensitive personal information.

The letter, signed by 44 organizations, urged Congress to pass comprehensive data security legislation that would apply to all businesses, including financial institutions, merchants, payment card processors, technology companies and telecommunications providers. The group supports federal legislation that would standardize and streamline data breach notification rules so the public is promptly informed when breaches occur.

“[A]ny legislation to address these threats must cover all of the types of entities that handle sensitive personal information,” the letter said. “Exemptions for particular industry sectors not only ignore the scope of the problem but create risks criminals can exploit.”

Some data breach notification proposals being considered in Congress would only require merchants collecting payment card numbers to notify consumers of a breach while exempting other entities in the payments system including card processors, financial services companies and telecommunications providers.

The merchant letter cited the annual Verizon 2014 Data Breach Investigations Report that showed retailers accounted for 10.8 percent of data breaches in 2013 while the financial services industry accounted for 34 percent.

While a vote on data breach legislation is not expected during the remaining weeks of this Congress, the merchant coalition insists that any new legislation cover all entities involved in the handling of consumers’ sensitive personal information.

“Consumers deserve to know when they are placed at risk regardless of where the risk arises. The public expects no less,” the letter observes. “Congress should act to standardize reasonable, timely notification of sensitive data breaches whenever and wherever they occur. However, legislation that would demand notice of some sectors while leaving others largely exempt will unfairly burden the former and unnecessarily betray the public’s trust.”

NRF has long supported federal legislation that would replace the varying breach notification laws in 47 states and 4 federal jurisdictions with a uniform national standard.

NRF is the world’s largest retail trade association, representing discount and department stores, home goods and specialty stores, Main Street merchants, grocers, wholesalers, chain restaurants and Internet retailers from the United States and more than 45 countries. Retail is the nation’s largest private sector employer, supporting one in four U.S. jobs – 42 million working Americans. Contributing $2.6 trillion to annual GDP, retail is a daily barometer for the nation’s economy. NRF’s This is Retail campaign highlights the industry’s opportunities for life-long careers, how retailers strengthen communities, and the critical role that retail plays in driving innovation.






National Retail Federation (NRF)
Stephen Schatz (855) NRF-PRESS

Release Summary

44 trade organizations sign letter to Congress calling for a national data breach notification law that would apply to all businesses including financial institutions and telecommunications providers.


National Retail Federation (NRF)
Stephen Schatz (855) NRF-PRESS