Several data security and breach notification bills in various congressional committees could become “very dangerous if they go in the wrong direction,” the Direct Marketing Association said yesterday.
In a List and Database Council teleconference, Jerry Cerasale, DMA senior vice president of governmental affairs, updated members on postal reform and rates as well as CAN-SPAM issues in Michigan and Utah, but it was potential data regulations that “could virtually shut people down.”
As frequently stated by DMA president/CEO John A. Greco Jr., the association favors federal legislation on data security and breach notification that creates a national standard and preempts state laws, Cerasale said. The DMA also wants notification provisions that are not too onerous.
The DMA aims to ensure that breach notification requirements extend to personal account data such as name and contact information only when coupled with Social Security number, driver's license number or account number, Cerasale said.
“We are trying to differentiate marketing data from data that can be used to steal someone's identity,” he said. “But if a marketer has customer data with account data on file and it were breached, the notification would apply.”
The DMA is reviewing six bills: three in Senate committees and three in House committees. All six have federal preemption, Cerasale said, but some would be too broad. He said that the Senate Judiciary Committee bill is the most problematic but that it probably would not go through.
“The definition of data broker is too broad, and it would pull all of you in,” Cerasale said, speaking of list companies.
The Personal Data Privacy and Security Act of 2005, introduced June 29 by Senate Judiciary chairman Arlen Specter, R-PA, and Sen. Patrick Leahy, D-VT, requires notification of consumers in case of a data breach and increases penalties and includes jail time for company executives who fail to provide notification. It contains a provision that would grant consumers access to and the chance to correct public records, as well as a provision to limit the buying, selling and displaying of Social Security numbers.
The Senate Commerce Committee bill is more to the DMA's liking, having a narrower definition of who is covered under the legislation. Cerasale said it is more of a bill for the financial services sector than a privacy bill.
As with these two bills, the other four are still under discussion in the Senate Banking Committee and the House Judicial, Financial Services and Commerce committees.
Kristen Bremner covers list news, insert media, privacy and fundraising for DM News and DMNews.com. To keep up with the latest developments in these areas, subscribe to our daily and weekly e-mail newsletters by visiting www.dmnews.com/newsletters