June 7, 2016 – You would think that after all of the bad publicity generated by massive data breaches at Target and Home Depot, they would be all for a law that could go a long way towards stopping data breaches in the first place. But these retailers, along with many others that have had large data breaches, are part of the Retail Industry Leaders Association. And RILA is adamantly opposed to a bill currently moving through the House of Representatives that would force retailers to adopt the same standards for data protection that are currently in use in the financial services industry.
For several years now, we’ve been criticizing efforts in Congress to whitewash data breaches. In fact, legislation that we have called “the worst data breach bill ever” has continually reared its ugly head in the hallowed halls of Congress. The general terms of that legislation would override all state data breach bills and allow companies involved in a breach to determine if their customers should be notified.
For that reason alone, we were pleasantly surprised by HR2205, a bill that would force retailers to encrypt stored and transmitted data, and force them to notify consumers in the event of a data breach.
But to anyone who has watched the actions of large retailers when dealing with data breaches, it probably won’t come as a surprise that RILA has decided to “lead from behind.” In a letter which, in our opinion, is riddled with inaccuracies, RILA says that it is “unfair” to impose these standards on retailers.
But what about being fair to consumers? They don’t appear to be too concerned with that.
The real question here is, when you shop at a retailer and provide them with your personal financial information, how much of an obligation does that retailer have to protect your data? RILA appears to be saying that they have no obligation whatsoever. We disagree.
Retailers do not have to store your information on a long-term basis. They choose to do so because they can pepper you with advertising and increase their sales. That’s to their benefit. But it would seem that by taking this approach, they also have an inherent obligation to protect you.
If you look through the list of RILA member companies, it won’t take you any time at all to pick out some of the largest data breach offenders in the country. IMHO, their opposition to this bill means that they should drop the word “leaders” from their name. The only thing they appear to be leading is a war on consumer privacy and against identity theft prevention.
by Jim Malmberg