NATSO Submits Letter to FTC Outlining Data Security Principles

NATSO joined more than 10 retail trade associations in sending a letter to the Federal Trade Commission (FTC) outlining the groups' principles on data security standards and consumer notification requirements in the event of breaches of sensitive data. The letter was in response to the FTC's request for input on the current state of competition and consumer protection law.

Considering the widespread risk of data breaches afflicting all American industries and public institutions, the groups outlined for the FTC four key principles that should govern any federal data security and breach notification policy:
1) Establish Uniform Nationwide Law -- With a patchwork of inconsistent breach laws in effect throughout the different states, there is no reason to enact federal legislation in this area unless it preempts the existing laws to establish a uniform, nationwide standard so that every business and consumer knows the singular rules of the road. One federal law applying to all breached entities would ensure clear, concise and consistent notices to all affected consumers regardless of where they live or where the breach occurs.
2) Promote Reasonable Data Security Standards -- Data security requirements applicable to a broad array of U.S. businesses should be based on a standard of reasonableness. A reasonable data security standard, consistent with federal consumer protection laws applicable to businesses of all types and sizes, would allow the right degree of flexibility while giving businesses the appropriate level of guidance they need to comply.
3) Maintain Appropriate FTC Enforcement Regime -- Federal agencies should not be granted overly-punitive enforcement authority that exceeds current legal frameworks. 
4) Ensure All Breached Entities Have Notice Obligations -- Businesses in every affected industry sector should have an obligation to notify consumers when they suffer a breach of sensitive personal information that creates a risk of identity theft or financial harm.  Informing the public of breaches can help consumers take steps to protect themselves from potential harm.  It also creates greater incentives for all businesses handling sensitive personal information to improve their data security practices.  Creating exemptions for particular industry sectors or allowing breached entities to shift their notification burdens onto others -- as some in the financial services sector have proposed -- will weaken the effectiveness of federal policy, undermine consumer confidence, ignore the scope of the problem, and create loopholes that criminals can exploit.
David Fialkov's photo

David Fialkov

David Fialkov is the Vice President of Government Relations, as well as the Legislative and Regulatory Counsel, at NATSO. In this capacity, Mr. Fialkov directs NATSO's legislative, regulatory, and legal strategy on a range of issues, including transportation, energy and fuels, labor, data security, and taxes. Mr. Fialkov also oversees NATSO's political engagement program, including individualized legal and political counsel to member companies. Prior to joining NATSO, Mr. Fialkov was the senior associate in the Government Affairs and Public Policy practice at the law firm of Steptoe and Johnson in Washington, D.C. At Steptoe, Mr. Fialkov advised clients on legislative, regulatory, and political issues, as well as legal concerns. His primary clients included trade associations representing the motor fuel wholesale and retail industries, including the National Association of Convenience Stores and the Society of Independent Gasoline Marketers of America. Mr. Fialkov's focus was not only on the motor fuels business, but also the litany of other issues that retailers confront, including labor matters, foodservice issues, healthcare and employment issues, tax matters and data security. Prior to joining Steptoe, Mr. Fialkov graduated with honors from George Washington University Law School. He received his B.S. Summa cum laude with highest honors from Clark University in Worcester, MA. He lives in Washington, D.C. with his wife Allison and daughter Lilah. More
Web-Only Content

Tell Us What You Think

Back to Payment Systems