NRF Reiterates Support For Federal Data Breach Notification Standard

The National Retail Federation (NRF) on Tuesday reiterated its long-standing support for a federal data breach notification standard today as a congressional panel held a hearing on this issue, saying legislation should provide consumers with clear, concise and consistent notice whenever and wherever a data breach occurs.

“A single uniform national standard for notification of consumers affected by a breach of sensitive data would provide simplicity, clarity and certainty to both businesses and consumers alike,” said David French, NRF senior vp for government relations. “A federal breach notification law would ensure reasonable and timely notice to consumers while providing clear compliance standards for businesses.”

French’s comments came in a letter to members of the House Energy and Commerce Committee’s Subcommittee on Commerce, Manufacturing and Trade, which is holding a hearing today on what should go into a notification bill.

For the past decade, NRF has called on Congress to pass a federal data breach notification law that would cover all entities that receive, handle and maintain sensitive personal information. The NRF believes a national standard would provide retailers a practical framework to handle consumer notification and must preempt the 47 disparate state data breach notification laws retailers now comply with.

“If Americans are to be adequately protected and informed, any legislation to address these threats must cover all of the types of entities that handle sensitive personal information,” French said. “A federal notice obligation applying to all breached businesses would also create significant incentives across industries to invest in technologies to better protect data and to respond appropriately to breaches whenever and wherever they occur.”