On Monday, President Obama proposed a new federal law that would require businesses to notify consumers that their personal data has been compromised within 30 days of discovering a security breach.
“Right now, almost every state has a different law on this and it’s confusing for consumers and it’s confusing for companies and it’s costly to have to comply with this patchwork of laws,” said President Obama in a speech to the Federal Trade Commission. “Sometimes folks don’t even find out their credit card information has been stolen until they see charges on their bill and then it’s too late.”
The law, called the Personal Data Notification & Protection Act, would replace the many various state laws currently at work in the United States. David French, senior vice president for government relations at the National Retail Federation (NRF), told The Wall Street Journal that the NRF has been actively pushing for a national breach notification law since 2005.
Although most retailers seem to be in favor of the idea of a federal law that will make compliance simpler to facilitate, they are also concerned that 30 days is not a reasonable amount of time to allow businesses to comply with the law. French told the journal that depending on the nature of the breach, retailers could require months of investigation before they are prepared to update consumers about what personal information might have been compromised.
If you haven’t upgraded your point of sale system yet, make sure your company is using software that protects your customers’ personal information from cyber-criminals and hackers. It’s always better to prevent a data breach with strong security measures than it is to do damage control after a crime has been committed.