NATSO urged members of the House Committee on Financial Services to continue discussions with stakeholders before moving draft data breach notification legislation to a markup because the draft bill would be less effective than existing law.
In a letter to Congress, NATSO expressed concerns with draft data breach notification legislation circulated by Rep. Blaine Luetkemeyer (R-Mo.), Chairman of the Subcommittee on Financial Institutions and Consumer Credit of the Financial Services Committee, and Rep. Carolyn Maloney (D-N.Y.).
The legislation as drafted creates data security requirements that are impractical for businesses similar to travel plazas and truck stops.
The draft legislation as written exempts a large category of financial institutions as well as “third parties” and “service providers and reduces incentives for exempted businesses to protect consumer data since they are not required to disclose their breaches. The draft legislation also preempts state laws that may try to regulate those exempted businesses. Furthermore, the service provider exemption would allow almost any company to qualify for an exemption because of the vague language used in the draft legislation.
NATSO urged Congress to support federal legislation on data breach notification that establishes practical data security standards; maintains an appropriate enforcement regime; creates a uniform national law to replace existing state laws; and guarantees all breached entities have notice obligations.
Just last month, NATSO joined trade associations representing more than a million businesses in telling Congress that any new federal law on data breach notification should apply to all industries that handle consumer data.
Subscribe to Updates
NATSO provides a breadth of information created to strengthen travel plazas’ ability to meet the needs of the travelling public in an age of disruption. This includes knowledge filled blog posts, articles and publications. If you would like to receive a digest of blog post and articles directly in your inbox, please provide your name, email and the frequency of the updates you want to receive the email digest.