Dozens of CEOs from companies like IBM and Amazon has sent an open letter to Senate and House leaders asking for comprehensive data protection laws. The letters claim state consumer privacy laws simply aren’t enough as they vary widely, lead to confusion, and threaten the competitiveness of the United States. The companies claim a federal law would create a more stable policy environment that allows companies to create products within precise and predictable boundaries.
The letter was sent on behalf of Business Roundtable, an association of CEOs of some of the largest companies in the United States. The CEOs of Walmart, State Farm, Salesforce, Qualcomm, IBM, AT&T, Visa, Mastercard, JP Morgan Chase, and Amazon are among those who have signed the letter.
The group blames a rising number of different state privacy regulations as a leading reason for complicated consumer privacy in the country. This patchwork of regulations has also increased complications for companies that must comply with laws across various jurisdictions and states.
One of the most comprehensive forms of privacy protection passed at the state level is the California Consumer Protection Act (CCPA), a landmark privacy law that will go into effect in 2020. Beginning in 2020, Americans will have the right to demand a company disclose what personal data they have collected about the consumer and ask the company to delete the information or not share it with third parties. Companies will also need to be more upfront in telling consumers what data they collect.
While CCPA is a state law that technically only applies in California, it also covers any out-of-state merchant who sells to California or displays a website in the state. That means that any merchant will have a strong interest in complying with CCPA rather than leaving the fifth largest economy in the world.
With a single federal law for privacy and data protection that would supersede state laws, product design, data management, and compliance would be simplified.
However, some privacy advocates argue the tech companies are more interested in protecting their own interests as combining privacy regulations under a federal umbrella would allow lobby groups to water down meaningful protections. With too much protection, companies may have trouble selling certain types of consumer data to online advertisers, a large and growing area of business.
The Business Roundtable released its own consumer privacy framework it wants Congress to consider as the basis for a future privacy law. Their proposal includes many provisions of the General Data Protection Regulation (GDPR) of the European Union in more broad terms.
In February, the US Government Accountability Office (GAO), a government auditing agency, gave Congress permission for passing a national data privacy law to improve consumer protections much like the GDPR. GAO also recommended placing the FTC in charge of enforcing future privacy law in the United States.
By June, reports surfaced that lawmakers had reached a roadblock attempting to create a national privacy law. Senators could not agree on how strict rules should be or on the key items of the bill.
And one last thing to consider if you are a merchant and you are worried about data breaches affecting your bottom line: Host Merchant Services Data Breach Security Program. Click that link to download a PDF explaining the value-added service HMS provides its merchants that goes above and beyond just simple PCI Compliance and helps ensure a merchant’s peace of mind.