NRF suggests changes to data breach legislation
The National Retail Federation issued a statement last week that lawmakers considering federal data breach legislation should consider the different types of consumer data kept, and the risks associated with those data types. The NRF suggests that breaches of sensitive information be treated differently than information that cannot lead to identity theft.
The NRF, the world’s largest retail trade association, stated that they back national data breach notification standards as being in the best interests of both businesses and consumers. However, they say that retailers don’t usually possess the private consumer data needed to commit identity theft. Typically, retail consumer data breaches will pose a risk only for credit card fraud. This theft is easier to detect and resolve than identity theft.
The NRF suggests that data breach legislation distinguish between these different types of information and the risks they pose if breached, as well as the size of businesses affected. They suggest replacing the term “significant risk” in the legislation with “reasonable risk”.
The NRF says that the current legislation would impose a heavy burden on small businesses; they say that smaller businesses are not overtly targeted for data theft, and the strict security standards would greatly affect the small business sector.
The NRF makes some good arguments with regard to differentiating between data types in the data breach legislation. The severity of the breach is much less detrimental in the case of credit card information, and such breaches can be addressed outside the public eye. However, I think that security standards should apply universally across data types, if not business sizes. Every company holds personal employee information, as well as customer information, and we have seen just how many employees have been affected by recent data breach cases.
Via Computerworld