The National Restaurant Association was one of 44 trade associations that asked Congressional leaders last Thursday to require without exceptions the disclosure of data security breaches like the theft of credit card information.
In a letter to leadership of both legislative chambers, the groups stressed that the requirement should fall on all parties whose stored customer or employee information may have been stolen. They cited the instance where JPChase, a banking giant, did not reveal it had been hacked, nor the extent of the breach, for months. Some 83 million accounts with the bank may have been compromised.
The letter also singled out Apple, whose remote data-storage “cloud” had been penetrated by hackers who stole customers’ pictures.
It also noted that even a contractor for the U.S. Department of Homeland Security had been unable to thwart data criminals.
Parties of that scale should not be exempted because of their size or function, the group argued.
Responsibility for alerting consumers to the possible theft of information is a new frontier, with few rules and regulations. Even voluntary best practices are still evolving. Yet the effects on consumer trust can be devastating to businesses that rely on credit-card transactions, like restaurants.
Like the NRA, other signers of the letter represented retail businesses whose members routinely process credit-card charges.