The National Retail Federation told senators today that cybersecurity
legislation should remain focused on its key purpose and not be expanded
to include data breach legislation or broad new privacy regimes.
"Cybersecurity legislation includes the laudable goal of increasing
information sharing between the government and private sector, but the
goals underlying the cybersecurity legislation and provisions in data
breach notification legislation are fundamentally contradictory," NRF
Senior Vice President for Government Relations David French said in a
letter. "Juxtaposing these contrasting proposals would place businesses
in a precarious position when their systems are attacked by cyber
criminals. Thoughtful examination and comparison of these pieces of
legislation reveal that they are not properly aligned."
Two major cybersecurity bills are pending in the Senate. S. 2105, the
Cybersecurity Act of 2012, was introduced last month by Senate Homeland
Security and Governmental Affairs Committee Chairman Joseph Lieberman,
I-Vt., and Ranking Member Susan Collins, R-Maine. In addition, Senate
Commerce, Science and Transportation Committee Ranking Member Kay Bailey
Hutchison, R-Texas, and fellow committee member Senator John McCain,
R-Ariz., today introduced the Strengthening and Enhancing Cybersecurity
by Using Research, Education, Information and Technology Act, or SECURE
IT Act. Both bills are intended to protect "covered critical
infrastructure" against cyber attacks by terrorists and others.
While the bills are not directed specifically at retailers, many believe
any measure dealing with Internet security could become a vehicle to
which lawmakers would try to attach long-pending proposals regarding
online security and privacy. Among them are data breach measures that
could force retailers to unnecessarily spend millions of dollars on data
monitoring services for customers if their databases were hacked.
In addition, French noted that privacy legislation "has not been vetted
by any committees of jurisdiction in the Senate" and to add it to the
cybersecurity bill without a full range of hearings and debate "flies in
the face of the deliberative process that this sensitive topic deserves."
As the world's largest retail trade association and the voice of retail
worldwide, NRF represents retailers of all types and sizes, including
chain restaurants and industry partners, from the United States and more
than 45 countries abroad. Retailers operate more than 3.6 million U.S.
establishments that support one in four U.S. jobs – 42 million working
Americans. Contributing $2.5 trillion to annual GDP, retail is a daily
barometer for the nation's economy. NRF's Retail
Means Jobs campaign emphasizes the economic importance of retail and
encourages policymakers to support a Jobs,
Innovation and Consumer Value Agenda aimed at boosting economic
growth and job creation. www.nrf.com