DMA Asks Congress to Pass National Breach Notification Law

From DMA: The Direct Marketing Association (DMA) today sent a letter to Congress restating its long-standing commitment to ensuring the security of consumer data across the entire data-driven marketing economy.

The letter states, in part:

The DMA aims to preserve the benefits of data-driven marketing by asking Congress to focus its legislative efforts on passing a national breach notification law that would preempt state laws.

The letter goes on to state:

While DMA is supportive of a federal breach notification law, we urge Congress to not pass other types of prescriptive legislation that would stifle innovation. While recent events may have highlighted for the general public the threats that criminals pose to data security, businesses have been protecting against these threats for a long time and have been largely successful in thwarting criminals' attempted breaches. Businesses expend significant time and resources learning what tactics and measures are most effective against would be hackers and implementing those measures. The DMA fully supports these measures and our Guidelines help ensure effective implementation.

We look forward to working with Congress to pass a federal breach notification law that safeguards American consumers and aids Main Street in fighting criminal activity.

The full text of the letter follows:

February 3, 2014

As Congress continues to hold hearings on the recent spate of criminal cyber attacks on American businesses and customers, the Direct Marketing Association (DMA) writes to restate our long-standing commitment to ensuring the security of consumer data across the entire datadriven marketing economy. In keeping with this enduring commitment to setting and enforcing meaningful data security measures through self-regulation, industry will take immediate steps to combat criminal efforts that victimize American consumers and Main Street businesses.

The DMA (www.thedma.org) is the world's largest trade association dedicated to advancing and protecting responsible data-driven marketing. Founded in 1917, DMA represents thousands of companies and nonprofit organizations that use and support data-driven marketing practices and techniques. DMA provides the data-driven marketing economy (DDME) a voice to shape policy and public opinion, the connections to grow members' businesses and the tools to ensure full compliance with ethical and best practices as well as professional development.

We recognize that when consumer data is adequately protected and used responsibly, it benefits consumers, businesses, and the economy. A recent study undertaken by Professors John Deighton of Harvard Business School and Peter Johnson of Columbia University indicates that the DDME provided $156 billion in revenue to the U.S. economy in 2012 alone, and fueled more than 675,000 jobs across the country. The study further illustrated that the real value of data is in its exchange across the DDME: 70 percent of the value of the DDME—$110 billion in revenue and 478,000 jobs—depends on the ability of firms to exchange data across the DDME.

On January 30, 2014, the DMA Board of Directors unanimously approved the addition of enhanced data security provisions to DMA's Guidelines for Ethical Business Practice and called on every data-driven marketer to take proactive measures to further enhance data security across the DDME:

• Develop and implement a data integrity and governance program;
• Read and use in all marketing practices the principles and guidance outlined in the updated Guidelines for data security and other marketing practices issues by DMA as part of our public trust with consumers;
• Continue to work through DMA with policymakers to enact a national standard for data breach notification, in keeping with DMA's long-standing support for passing of a federal breach notification law; and
• Work with internal and industry stakeholders to identify additional data security measures and practices to help reduce the risk of data breaches across the DDME.

The data security enhancements to DMA's Guidelines for Ethical Business Practice expand a self-regulatory code that has provided data-driven marketers with generally accepted principles of conduct and formed the basis for industry-wide self-regulatory enforcement for more than forty years. The updates are in the areas of data security, mobile applications, and retailer data. The updated Guidelines speak directly to the issue of data security, recommending that datadriven marketers consider an information management program that addresses Data Minimization, Retention, Access, Use, Communication, Storage and Disposal for all types of data collected and used.

The DMA aims to preserve the benefits of data-driven marketing by asking Congress to focus its legislative efforts on passing a national breach notification law that would preempt state laws.

The current state of affairs is that there are more than 47 state laws that may apply depending on the state in which a consumer lives. This patchwork of laws is unwieldy, inefficient, and confusing. Businesses and consumers will be better served with a single, cohesive, transparent federal law.

While DMA is supportive of a federal breach notification law, we urge Congress to not pass other types of prescriptive legislation that would stifle innovation. While recent events may have highlighted for the general public the threats that criminals pose to data security, businesses have been protecting against these threats for a long time and have been largely successful in thwarting criminals' attempted breaches. Businesses expend significant time and resources learning what tactics and measures are most effective against would be hackers and implementing those measures. The DMA fully supports these measures and our Guidelines help ensure effective implementation.

We look forward to working with Congress to pass a federal breach notification law that safeguards American consumers and aids Main Street in fighting criminal activity.

Sincerely,

Peggy Hudson
Senior Vice President, Government Affairs
Direct Marketing Association