Ad Groups Behind a ‘Balanced’ Data Breach Law28 May, 2014 By: Doug McPherson
WASHINGTON – An alliance of 16 advertising and publishing industry groups says it’s for a law requiring companies to tell consumers about data breaches – but only if the breach “poses a significant risk” of identity theft or economic harm.
The coalition, which includes the Direct Marketing Association (DMA), American Association of Advertising Agencies (4As) and the Association of National Advertisers (ANA), says in a letter to lawmakers that an “overly inclusive trigger would cause consumers to be burdened with unnecessary notifications.”
Specifically, the group wants Congress to avoid drafting a broad definition of “sensitive personally identifiable information (PII).” The organizations say the type of information that's available in phone directories should be excluded from any definition of sensitive PII. “A balanced bill would also exclude public records and information derived from public records from its scope,” the group writes.
The letter notes that American businesses have compelling incentives to protect sensitive information and maintain valuable customer relationships – and that they work tirelessly to implement security measures to safeguard data.
“Businesses have compelling incentives to protect sensitive information and maintain valuable customer relationships,” the letter stated. “We need Congress to act now to enact legislation to help businesses effectively inform and ultimately protect the customers they serve when data compromises do occur.”
The letter highlighted the vital nature of preempting the current patchwork of state laws. “We continue to believe that meaningful data breach notification legislation must establish a clear federal standard that preempts the patchwork of state laws in this area. Currently, disparate laws in 47 states plus the District of Columbia, Guam, Puerto Rico and the Virgin Islands, frustrate efficient and uniform breach notification to consumers.”
The DMA has supported the passage of a uniform national standard for breach notification. Last year, DMA named the passage of a federal breach notification law as one of “Five Fundamentals for the Future” that Congress should focus on in order to protect the data-driven economy.
“Just last month, DMA strongly praised the White House for affirming its support for passing a national data breach notification standard,” said Rachel Nyswander Thomas, DMA’s vice president of government affairs. “We will continue to work with the Administration and Congress to pass such a federal standard.”
The trade associations also say that any new law should prohibit consumers from suing privately. The group has argued in the past that Congress should concern itself with practices that could leave consumers open to fraud, and not those that pose more intangible privacy concerns.