A nationwide alliance of American retail merchants is urging Congress to standardise data-breach notification law.
Such a law would lay down guidelines on how organisations must notify consumers in the event of a data breach, and would also overhaul the shoddy state of existing data-breach notification laws.
In a petition backed by the signatures of 44 organisations, the coalition of retail merchants wrote to Congress: "Given the breadth of these invasions, if Americans are to be adequately protected and informed, any legislation to address these threats must cover all of the types of entities that handle sensitive personal information. Exemptions for particular industry sectors not only ignore the scope of the problem, but create risks criminals can exploit."
The compromise of personal data in cyberspace has become very common.
As recently as last week, the US government issued a warning about Russian-sponsored malware making its way into the US electrical grid. Such a scenario can inflict mayhem on banks, hospitals, stores, homes, etc.
In the US, 47 states have enacted data-breach notification laws, but merchants and retailers dismiss them as vague and fragmented.
Although most of the financial industry is supposed to adhere to certain legal standards to safeguard customer data, retail merchants are not obliged to do so.
The US House of Representatives has passed "information sharing legislation" allowing better coordination between the government and businesses on cyber security, and the sharing of vital information about what compromised that security, but it is yet to be acted upon.
Beyond a law for data-breach notification, there must also be equalised data security standards to which businesses adhere when protecting consumer information.
Many such bills were proposed, but to no avail. Even the latest Data Security Act of 2014 has been collecting dust since January in the Senate’s Committee on Banking, Housing and Urban Affairs.
The National Retail Federation stated that the snag was the debate over which kinds of businesses should abide by the legislation. Citing the Verizon 2014 Data Breach Investigations Report, the retailers' coalition strongly recommended compliance by all businesses and organisations, as retailers accounted for 10.8% of the data breaches in 2013, out of the 34% of the financial services industry.
"Consumers deserve to know when they are placed at risk, regardless of where the risk arises. Congress should act to standardise reasonable, timely notification of sensitive data breaches whenever and wherever they occur," said the coalition letter.