Retailers battle financial sector over data breach legislation

Retailers battle financial sector over data breach legislation
© Getty

Retailers on Tuesday doubled down on their opposition to a data breach notification bill favored by financial firms.

The Retail Industry Leaders Association (RILA), one of the sector’s largest trade groups, argued in a letter to House leadership that the measure would be unfair to large swaths of the economy.


The bill, from Reps. Randy NeugebauerRobert (Randy) Randolph NeugebauerCordray announces he's leaving consumer bureau, promotes aide to deputy director GOP eager for Trump shake-up at consumer bureau Lobbying World MORE (R-Texas) and John Carney (D-Del.), would require companies to notify customers following a breach and set nationwide data security standards modeled after those governing the financial sector.

“This legislation would not only have a detrimental effect on the retail community but would also negatively impact businesses of all sizes across the country,” the RILA said in the letter.

“It makes no sense to take one industry’s regulations and apply it to a large segment of the economy without understanding the consequences,” it added.

Industry groups and both parties in Congress have long agreed that federal data breach notification standards are badly needed. Companies currently deal with a confusing, costly and time-consuming patchwork of 47 state laws.

But all sides have fought over the particulars of the bill.

Last year, retailers strongly backed a data breach bill from the House Energy and Commerce Committee that almost made it through the lower chamber.

But that measure lost Democratic support at the last minute during a markup vote amid a fight over how strongly the federal bill should preempt state laws. Democrats worry a weak federal standard might supplant robust existing consumer protections. Republicans fear an invasive law could give too much power to zealous federal regulators.

Neugebauer, who chairs the House Financial Services Subcommittee on Financial Institutions and Consumer Credit, came out with his offering after the Energy and Commerce bill stalled.

Retailers immediately opposed the Neugebauer bill, which has a companion measure from Sens. Tom CarperThomas (Tom) Richard CarperThe conservative case for phasing out hydrofluorocarbons Democrat asks for probe of EPA's use of politically appointed lawyers Overnight Energy: Study links coronavirus mortality to air pollution exposure | Low-income, minority households pay more for utilities: report MORE (D-Del.) and Roy BluntRoy Dean BluntSenate to push funding bill vote up against shutdown deadline Social media platforms put muscle into National Voter Registration Day Senate GOP faces pivotal moment on pick for Supreme Court MORE (R-Mo.) in the upper chamber.

Applying banking security rules on non-banking industries would create unnecessary regulations, the RILA argued in its letter. The organization points to one that requires any employee handling credit or debit card information to pass a criminal background check.

“This is one regulation that makes perfect sense for the banking industry where individuals handle loans and mortgages, but it is certainly not necessary for the high school student working part-time as a sales associate at a cash register,” the RILA said.

Despite the consensus that Congress must move on some data breach notification bill, it’s unexpected that lawmakers will act this year.