From: National Journal
Why businesses want Congress to tell them what to do after data breaches.
By Brendan Sasso
It’s the kind of top-down, one-size-fits-all, heavy-handed regulation that corporate America despises. The exact type of mandate that businesses pay lobby shops millions to tweak and twist into oblivion. Except this time, America’s big-box stores are begging Congress to boss them around.
Reeling from high-profile privacy fumbles at Target and Neiman Marcus, retailers are asking Congress to require them to notify customers when shoppers’ information has been put at risk.
Currently, when firms spill data, they’re subject to a patchwork of state rules: 46 states, plus the District of Columbia, have their own privacy-breach notification laws. For a company like Target, which has stores in every state save Vermont, that means a massive compliance struggle.
Backers of a unified standard say a federal requirement would not only make companies’ lives easier but would also help firms serve their customers better by giving businesses a quick and comprehensive way to address hacks. And with tens of millions of Target and Neiman Marcus customers wondering if their credit cards are about to be used for someone else’s shopping spree, the issue has new momentum in an otherwise gridlocked Congress.
Rep. Lee Terry, the chairman of the House Commerce, Manufacturing, and Trade Subcommittee, has planned a data-security hearing, featuring testimony from a Target executive, for the first week of February.
Senate Judiciary Committee Chairman Patrick Leahy introduced a data-breach bill earlier this month, with the support of fellow Democratic Sens. Chuck Schumer, Al Franken, and Richard Blumenthal. Leahy, who has pushed similar legislation since 2005, said he also plans to hold a hearing on the issue.
But even with major retailers and business associations calling for a national standard, the legislation’s supporters have struggled to convince some Republicans that the bill isn’t just another nanny-state intrusion into companies’ private affairs.