It’s the kind of top-down, one-size-fits-all, heavy-handed regulation that corporate America despises. The exact type of mandate that businesses pay lobby shops millions to tweak and twist into oblivion. Except this time, America’s big-box stores are begging Congress to boss them around.
Reeling from high-profile privacy fumbles at Target and Neiman Marcus, retailers are asking Congress to require them to notify customers when shoppers’ information has been put at risk.
Currently, when firms spill data, they’re subject to a patchwork of state rules: 46 states, plus the District of Columbia, have their own privacy-breach notification laws. For a company like Target, which has stores in every state save Vermont, that means a massive compliance struggle.
Backers of a unified standard say a federal requirement would not only make companies’ lives easier but would also help firms serve their customers better by giving businesses a quick and comprehensive way to address hacks. And with tens of millions of Target and Neiman Marcus customers wondering if their credit cards are about to be used for someone else’s shopping spree, the issue has new momentum in an otherwise gridlocked Congress.
Rep. Lee Terry, the chairman of the House Commerce, Manufacturing, and Trade Subcommittee, has planned a data-security hearing, featuring testimony from a Target executive, for the first week of February.
Senate Judiciary Committee Chairman Patrick Leahy introduced a data-breach bill earlier this month, with the support of fellow Democratic Sens. Chuck Schumer, Al Franken, and Richard Blumenthal. Leahy, who has pushed similar legislation since 2005, said he also plans to hold a hearing on the issue.
But even with major retailers and business associations calling for a national standard, the legislation’s supporters have struggled to convince some Republicans that the bill isn’t just another nanny-state intrusion into companies’ private affairs.
Indeed, educating conservatives is a big part of the effort, said Mary Bono, a former House Republican from California turned data-security adviser for FaegreBD Consulting.
“This is not an antibusiness move — this is actually pro-business. It’s sort of counterintuitive,” she said.
Democrats have their qualms as well: They worry that a weak federal standard would preempt tougher state protections. And they want any national law to cover geo-location data, emails, and other personal records, not just financial information.
Those impulses, coupled with Congress’s generally constipated legislative process, may be why Bono was unable to gain much traction when she pushed a data-breach bill during her final term before losing her seat in 2012.
Her bill cleared the Commerce, Manufacturing, and Trade Subcommittee in 2011, when Bono was chairwoman, but it never received a vote in the full Energy and Commerce Committee. Bono said Energy and Commerce Chairman Fred Upton was supportive, but the issue was never a high enough priority to make it onto the panel’s calendar.
And while outrage over the Target breach has brought more urgency to the issue, it has also highlighted some sticking points. For example, Democrats and consumer advocates want to go beyond ensuring that consumers are informed when their privacy has been compromised; they want to punish companies that fail to protect their customers’ data.
The Federal Trade Commission has claimed that it already has the power to go after companies for inadequate data security under its authority to police “unfair” business practices. But the Wyndham Hotel chain and the medical laboratory LabMD have challenged the FTC’s actions against them, and the federal courts could decide to strip the FTC of its power in the area.
Many Democrats want any data-breach bill to explicitly grant the FTC the authority to fine companies that don’t take reasonable steps to protect their data. The law wouldn’t have to dictate specific security practices, but companies that recklessly put their customers’ sensitive information at risk should pay a price, they argue. Right now it is expensive for businesses that get hacked to comply with the various state notification rules — and that’s a good thing, consumer advocates say.
“One of the most important elements of a data-breach requirement is that it’s painful,” said Justin Brookman, the director of consumer privacy at the Center for Democracy and Technology. “If all federal data-breach legislation did was to make it easier to have a data-breach event, I’m not sure that would be a great outcome for consumers.”
Leahy’s bill includes new data-security requirements, but a GOP aide for the House Energy and Commerce Committee said the panel is focused only on the notification issue.
And even as the industry pushes Congress for regulation, it is warning lawmakers not to go too far. Many businesses say they would balk at expanding the federal government’s power to meddle in their security practices. It’s in their own interest to safeguard their data, they argue; they don’t need government bureaucrats telling them what kind of passwords to use.
They just need Washington to tell them what to do when those passwords get hacked.