Congress is considering legislation that would create a nationwide standard for identity theft notification – and the National Retail Federation (NRF) last week expressed concerns with certain provisions of the bill, in an official company statement.
The Identity Theft Protection Act (S. 1178), a bipartisan measure sponsored by Sen. Ted Stevens (Republican of Alaska) and four other Senators, would set a national standard for how companies must report data breaches, while also changing rules about notice triggers and credit reporting.
The NRF supports the idea of a national standard, because it would eliminate the patchwork of different systems put in place by state governments. But the group has qualms about the notice trigger – which NRF fears will lead to over-notification of customers. They also oppose the requirement of notification of credit reporting agencies, and a provision that would let customers freeze their credit files.
Last Wednesday, the bill was ordered to be reported with amendments favorably by the Senate Commerce, Science and Transportation committee. Different identity theft bills have already been enacted in 36 separate states in the past four years, the NRF said. A federal version has been under consideration for several years, but never passed.