NACS Signs Letter to Congressional Leaders Urging Action on Data Security

More than 40 merchant organizations urge Congress to establish clear and uniform legislation to address cyber crime breaches.

November 06, 2014

WASHINGTON – Following the recent spate of data security incidents, NACS — along with more than 40 other merchant groups including the National Retail Federation, National Restaurant Association, Food Marketing Institute and others — sent a letter to Congressional leaders today urging that if Americans are to be adequately protected and informed, any legislative efforts to combat these threats must be comprehensive in scope and cover all types of entities that handle sensitive information.

The letter, which warns of the increasing cyberattacks, often by organized crime groups, urges legislators to focus not only on the effects of the breeches but on the underlying cause as well. The merchant groups emphasized the importance of establishing a single federal law, applying to all breached entities, that would ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs.

In part, the letter reads: “If there is anything that the recently reported data breaches have taught us, it is that any security gaps left unaddressed will quickly be exploited by criminals. For example, the failure of the payment cards themselves to be secured by anything more sophisticated than an easily-forged signature makes the card numbers particularly attractive to criminals and the cards themselves vulnerable to fraudulent misuse. Better security at the source of the problem is needed. The protection of American’s sensitive financial information is not an issue on which sacrificing comprehensiveness makes any sense at all.”

The letter cites examples of recent data breaches that have affected a variety of business entities — JPMorgan Chase, Apple’s iCloud, even a Department of Homeland Security contractor — by corrupting the weakest links in the security chain. According to the 2014 Verizon Data Breach Investigations Report, 63,437 data security incidents were reported by the industry in 2013, with  1,367 suffering confirmed data losses. Of those, the financial industry suffered 34%, public institutions (including governmental entities) had 12.8%, the retail industry had 10.8%, and hotels and restaurants combined had 10%.

“Data security intrusions are a threat faced by every sector of our nation. Consumers deserve to know when they are placed at risk, regardless of where the risk arises.” The letter continues. “Congress should act to standardize reasonable, timely notification of sensitive data breaches whenever and wherever they occur. However, legislation that would demand notice of some sectors, while leaving others largely exempt, will unfairly burden the former and unnecessarily betray the public’s trust.”

Advertisement
Advertisement
Advertisement