“We know how important it is for our customers to feel confident that their personal information is secure, so we devote enormous time and resources to ensuring we achieve that goal,” said Ira Hammerman, Senior Vice President and General Counsel of SIA, in his prepared testimony. “We are concerned, however, that the expanding patchwork of state and local laws affecting data security and notice will make effective compliance very difficult for us and equally confusing for customers,” he added.
In light of its concerns, SIA urged the Committee to consider six principles:
- a clear national standard to achieve a uniform, consistent approach that meets consumer expectations;
- trigger for consumer notice tied to significant risk of harm or injury that might result in identity theft;
- a precise definition of sensitive personal information tied to the risk of identity theft;
- exclusive functional regulator oversight and rulemaking authority;
- flexible notification provisions; and
- reasonable administrative compliance obligations.
SIA’s submitted testimony can be found at http://www.sia.com/testimony/html/hammerman09-22-05.html