While welcoming a national uniform standard for data-breach notification, the NRF is concerned that the bill "contains an unworkable notice trigger which we believe could lead
to the ineffective and cumbersome over-notification of consumers who are not at risk of identity theft," writes Steve Pfister, NRF senior vice president for government relations, in a letter to
committee members.
The NRF found other aspects of the bill troublesome, including a section requiring parties with a "direct relationship" with a consumer to make notification of security breaches." Moreover, a section of the bill addressing the use of Social Security numbers could interfere with legitimate use when identifying employees for immigration compliance, wages and benefits purposes. The NRF also is concerned over a provision in the bill that would let consumers place a security freeze on their credit files.
advertisement
advertisement