Anti-Terrorism Bills Could Open Door to Retail-Unfriendly Privacy Legislation
Cyber security bills intended to protect critical infrastructure against Internet-based terrorist attacks could come to the Senate floor as soon as this month.
But NRF is concerned that the legislation could easily become the vehicle for much broader privacy and data security measures that could seriously impact the retail industry.
Democrats’ Cybersecurity Act of 2012 and Republicans’ SECURE IT Act are aimed at protecting anything from municipal water supplies to private-sector databases. NRF supports protecting infrastructure, and neither bill is directed specifically at retailers. But privacy advocates are expected to attempt to attach any number of proposals that could interfere with retailers’ use of technology to serve their customers.
A dozen bills are pending, including measures on “behavioral” advertising, “do not track” prohibitions, data breach notification and requirements for retailers to spend millions of dollars to provide customers with credit monitoring if databases are hacked. NRF is asking senators to keep cyber security legislation focused on national security, arguing that data breach legislation is “fundamentally contradictory” to cyber security. NRF has also noted that privacy legislation has yet to be vetted through congressional committees. Concerned retailers should contact senators as soon as possible.