RILA to testify at Congressional data breach hearing

Arlington, Va. - The Retail Industry Leaders Association (RILA) will testify Tuesday, Jan. 27 at the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade hearing, “What are the Elements of Sound Data Breach Legislation.” In his testimony, Brian Dodge, executive VP at RILA, will focus on retailers’ priority of supporting a strong preemptive federal data breach law that allows for reasonable and clear notice triggered by potential customer harm.



Dodge will lay out existing state data breach notice laws and data security regulatory regimes retailers are subject to. RILA will lay out its priorities for the committee to consider as part of data breach legislation, including a carefully calibrated, reasonable data security standard.



“Retailers embrace innovative technology to provide American consumers with unparalleled services and products online, through mobile applications, and in stores,” Dodge will say in a prepared statement. “While technology presents great opportunity, nation states, criminal organizations, and other bad actors also are using it to attack businesses, institutions, and governments. As we have seen, no organization is immune from attacks and no security system is invulnerable. Retailers understand that defense against cyber attacks must be an ongoing effort, evolving to address the changing nature of the threat. RILA is committed to working with Congress to give government and retailers the tools necessary to thwart this unprecedented attack on the U.S. economy and bring the fight to cyber criminals around the globe.”



RILA will urge the committee to consider data breach legislation that creates a single national notification standard with a reasonable timetable for notification. RILA will also ask that legislation provide flexibility in the method of notification, ensure notice is required only when there is reasonable belief a breach will cause harm, establish a precise definition of personal information, include a calibrated data security standard, and ensure fair, consistent, and equitable enforcement of a data breach law.