November 24, 2014
In a somewhat surprising move, the nation’s leading retail stores are urging Congress to adopt federal consumer data security legislation. Although such legislation would likely place specific data privacy and security requirements on the retailers, they clearly believe that those additional compliance requirements, and the costs associated with them, are preferable to the current environment in which they must comply with different rules imposed by diverse jurisdictions.
In a recent letter to Congressional leaders, several of the nation’s leading trade associations representing a range of retailers made the request for federal action on consumer data protection. The letter was presented by retailer groups including: the National Retail Federation, the National Association of Chain Drug Stores, the National Grocers Association, and the National Restaurant Association.
The retailers noted that, at present, they must comply with data security and privacy laws and regulation imposed by approximately 47 different jurisdictions in the United States. The complexity and cost of such compliance are significant, and they have an adverse impact on the retail community.
Instead, the retailers would prefer that the federal government implement a uniform standard for security of consumer data. This single national standard would make compliance easier and would reduce the operating costs faced by individual retailers. Federal data security requirements would also help retailers reduce their civil litigation exposure associated with data security breaches.
It is significant that the retailers, the parties who bear the costs associated with protecting the security of consumer data, now advocate federal action on consumer data privacy and security. If the retailers support such federal action, Congress and the federal regulatory agencies should take prompt action. There is no real excuse for delay now that it is clear that the parties who will bear the brunt of the compliance burden favor federal action.
On nearly a daily basis we become aware of a new consumer data security breach. This environment obviously harms consumers, but the recent actions of the retailer community indicate that they too are adversely affected by the growing threats to consumer data security. Retailers and other businesses are looking for clear, consistent, and comprehensive guidance on data security best practices.
The federal government should take the lead in the efforts to protect the security of consumer data. The most effective and efficient approach the federal government can take in this field is adoption of comprehensive consumer data security legislation and associated regulations.
Consumers and consumer advocacy groups have long urged the federal government to take comprehensive action on data security. Now, the retail community has joined in those calls for federal action. It seems clear that the time for adoption of uniform federal consumer data security legislation has arrived.