Cybersecurity Legislation Should not Breach Law or Broad new Privacy Regimes
NRF: Don’t Broaden Cybersecurity Legislation The National Retail Federation told senators today that cybersecurity legislation should remain focused on its key purpose and not be expanded to include data breach legislation or broad new privacy regimes.
“Cybersecurity legislation includes the laudable goal of increasing information sharing between the government and private sector, but the goals underlying the cybersecurity legislation and provisions in data breach notification legislation are fundamentally contradictory,” NRF Senior Vice President for Government Relations David French said in a letter. “Juxtaposing these contrasting proposals would place businesses in a precarious position when their systems are attacked by cyber criminals. Thoughtful examination and comparison of these pieces of legislation reveal that they are not properly aligned.”
Two major cybersecurity bills are pending in the Senate. S. 2105, the Cybersecurity Act of 2012, was introduced last month by Senate Homeland Security and Governmental Affairs Committee Chairman Joseph Lieberman, I-Vt., and Ranking Member Susan Collins, R-Maine. In addition, Senate Commerce, Science and Transportation Committee Ranking Member Kay Bailey Hutchison, R-Texas, and fellow committee member Senator John McCain, R-Ariz., today introduced the Strengthening and Enhancing Cybersecurity by Using Research, Education, Information and Technology Act, or SECURE IT Act. Both bills are intended to protect “covered critical infrastructure” against cyber attacks by terrorists and others.
While the bills are not directed specifically at retailers, many believe any measure dealing with Internet security could become a vehicle to which lawmakers would try to attach long-pending proposals regarding online security and privacy. Among them are data breach measures that could force retailers to unnecessarily spend millions of dollars on data monitoring services for customers if their databases were hacked.
In addition, French noted that privacy legislation “has not been vetted by any committees of jurisdiction in the Senate” and to add it to the cybersecurity bill without a full range of hearings and debate “flies in the face of the deliberative process that this sensitive topic deserves.”
As the world’s largest retail trade association and the voice of retail worldwide, NRF represents retailers of all types and sizes, including chain restaurants and industry partners, from the United States and more than 45 countries abroad. Retailers operate more than 3.6 million U.S. establishments that support one in four U.S. jobs – 42 million working Americans. Contributing $2.5 trillion to annual GDP, retail is a daily barometer for the nation’s economy. NRF’s Retail Means Jobs campaign emphasizes the economic importance of retail and encourages policymakers to support a Jobs, Innovation and Consumer Value Agenda aimed at boosting economic growth and job creation. www.nrf.com