Retailers: Don't Require Us to Meet Bank Security StandardsRetail Industry Leaders Association Executive Spells Out Objections to Bill
The Retail Industry Leaders Association is battling against passage of a national data security and breach notification bill known as the Data Security Act of 2015, or H.R. 2205, arguing it would unreasonably require retailers to meet some of the same security standards as banks, says Austen Jensen, the group's vice president of government affairs.
Jensen argues that the bill, which came out of the House Financial Services Committee last year, fails to address the unique security and business concerns of retailers.
In a recent letter to Congress, RILA explained its concerns. The letter points out, for example, that the legislation would require retailers to conduct background checks on certain employees, just as banks must do. RILA calls that provision impractical.
"It's always important to remain vigilant when facing any type of threat," Jensen says. "Our members certainly already go above and beyond when it comes to making sure that we are hiring people of integrity and strong character background. ... But I would point out that there is no perfect bill, there's no perfect law; there's no law that's going to stop every breach, whether that is at a large FI [financial institution] or a retailer or a hospital or at your hotel or at your local pizza joint. So it's important that these issues get addressed, and that's why RILA's at the table."
RILA is supporting another bill, the Data Security and Breach Notification Act of 2015, or H.R. 1770, which came out of the House Energy and Commerce Committee last year. The bill would require organizations to report breaches to the Federal Trade Commission and FBI and to restore the integrity, security and confidentiality of their data systems following the discovery of a breach.
Unlike the Data Security Act of 2015, which would apply the same consumer security and privacy mandates outlined for banking institutions under the Gramm-Leach-Bliley Act to other businesses, the Breach Notification Act of 2015 focuses on the role the FTC plays in regulating and fining businesses that don't meet "reasonable" security standards, he says.
During this interview (see audio player below photo), Jensen also discusses:
- His hopes for retailers and bankers can better collaborate on legislation going forward;
- Why the FTC's role in regulating retailers is so important; and
- Why Gramm-Leach-Bliley standards should not be applied to retailers.
At RILA, Jensen advocates before Congress to promote transparency, innovation and competition in financial practices within the retail industry. Before joining RILA, he spent more than 10 years in various staff positions in the U.S. House of Representatives.