Export Compliance Daily is a Warren News publication.

NRF Asks Senators To Reject Legislation Applying Banking Data Security Standards to Retailers

The National Retail Federation (NRF) asked senators to reject legislation that would “impose data security rules designed for the banking industry on retailers and other nonbank businesses.” The letter was sent Monday to members of the Senate Commerce Committee, said an NRF news release. The group cited a new NRF-commissioned white paper by former FTC Bureau of Consumer Protection officials Joel Winston and Anne Fortney saying the “broad expansion of data security standards similar to the Gramm-Leach-Bliley Act (GLBA) guidelines to virtually every unregulated business in the U.S. economy would be a serious error,” said the letter to Sens. John Thune, R-S.D., Bill Nelson, D-Fla., Jerry Moran, R-Kan., and Richard Blumenthal, D-Conn.

Section 501(b) of the GLBA “required each of the federal bank regulatory agencies and the FTC to establish standards for the financial institutions subject to their respective jurisdictions with respect to safeguarding consumers’ nonpublic, personal financial information,” Winston and Fortney said. The GLBA guidelines shouldn't apply to nonfinancial businesses because the FTC is a regulatory agency, not a law enforcement agency; nonbank businesses would have little to no authority to implement changes to payment cards; and the FTC historically has objected to expanding GLBA requirements to retailers as doing so would not enhance the agency’s ability to protect consumers, Winston and Fortney said. “The FTC lacks supervisory examination authority and lacks the resources to provide the specific guidance and ongoing oversight that would be necessary to effectuate guidelines-type rules covering the huge diversity of nonbank entities,” Winston and Fortney said in their white paper.

“While many merchants would like to see new credit cards being issued incorporate both a computer microchip and a personal identification number (PIN) to reduce fraud, banks and card issuers plan to issue chip-only cards, and merchants have no power to mandate the extra security that would be provided by a PIN,” said an NRF news release. While the NRF opposes expanding GLBA requirements to nonbanks, the association has supported a “uniform national data breach law,” its news release said.