Data Protection Report - Norton Rose Fulbright

Just two days after the 2014 midterm elections, a coalition of 44 retail and merchant organizations delivered a letter to U.S. Senate and House leaders, urging the passage of “a single federal law applying to all breached entities.”  Those national and state organizations include the National Retail Federation, the world’s largest retail trade association.

Their letter is clear.  Congress, pass one law that instructs all types of entities—in the now-more-than-likely event of a data breach—on how to provide “clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs.”  The coalition also asks that legislators apply an even hand and consistent penalties to potentially affected entities.  A discriminatory scheme, the letter warns, will only produce deficient security efforts.

And, because data security in today’s ever-connected world is only as strong as the “weakest link,” the coalition advises that any legislation must also be comprehensive.  That requires enhanced security not only at the data source but also at every link of the data-sharing chain, including the communication lines that transmit data and the “cloud” that stores much of today’s data.

Driving the point home, the coalition highlights recent data breaches and the serious harm and concerns caused by those events, shaking all sectors, as well as public confidence.  The letter ends where it begins by asking this nation’s legislators to improve and standardize notice of data breaches to consumers and the public.

With the polls barely closed, the coalition’s letter shows that calls for federal data breach legislation will only increase in volume.  Given this political pressure and the alarming tide of recent breaches, new legislation may very well be in the cards.

All potentially affected entities and industries should therefore consider:

  • how they can best prepare for a new legal and regulatory scheme
  • how legislation will affect their business and operations
  • the different types of proposed legislation and which variety will best serve them and
  • whether and how to voice views and concerns to help shape federal legislation that may one day govern how they do business.