DMA Calls On Congress For Data Breach Law

Would Force Companies To Notify Customers Immediately Regarding Data Breach

Data Breach RulesThe Direct Marketing Association (DMA) sent a letter to Congress last week asking to pass a national data breach notification law. Members of Congress have been discussing measures that would force companies to notify all of their customers as soon as they attain knowledge of any data breach or security breach, but no measure has reached the point of official debate or vote.

“Businesses have compelling incentives to protect sensitive information and maintain valuable customer relationships,” stated the letter, which was signed by 15 trade associations – including the American Advertising Federation, the American Association of Advertising Agencies, and the Interactive Advertising Bureau – in addition to the DMA. “We need Congress to act now to enact legislation to help businesses effectively inform and ultimately protect the customers they serve when data compromises do occur.”

Within the past six months, high profile data breaches at retailers such as Target, Neiman Marcus, and Michael’s Stores have caused concern for the direct marketing and advertising industries. The associations are hoping to get legislation passed so that there’s no delay in customers and data providers finding out when a vendor is breached.

Currently, 47 states in the U.S. have laws mandating companies to notify consumers after a data breach. However, that has led to confusion in the marketplace because the laws in each state have subtle differences. “We continue to believe that meaningful data breach notification legislation must establish a clear federal standard that preempts the patchwork of state laws in this area,” the DMA’s letter said. “Currently, disparate laws in 47 states plus the District of Columbia, Guam, Puerto Rico and the Virgin Islands [impair] efficient and uniform breach notification to consumers.”