2008 LEGISLATIVE AGENDA

Consumer Privacy and Identity Theft

Retail Council position

Continue to support proper and effective enforcement of current state laws that criminalize identity theft and require notification of the breach of security of certain computerized information systems.  Oppose any action that would unduly infringe access to information retailers need to properly identify, protect, market and extend credit to consumers.  Strongly oppose efforts to hold retailers financially liable for any   security breach illegally executed by identity thieves and computer hackers. 

Legislative action

Indicative of Retail Council support for sensible and effective tools to fight the devastating impact of identity theft, the Retail Council supported laws creating security breach notification (Chapters 442 and 491, Laws of 2005), as well as the state’s law creating the felony crime of ‘identity theft’ (Chapter 619, Laws of 2002).  The Retail Council also worked closely with lawmakers on the development of New York State’s law allowing consumers to request a ‘security freeze’ on personal information held by consumer credit reporting agencies (Chapter 63, Laws of 2006).

At a glance

  • The Retail Council shares the state legislature’s concern for innocent victims of credit fraud and identity theft, whose hard-earned credit worthiness is damaged as a result.  The retail industry, too, suffers serious customer relations consequences and financial losses whenever such fraud occurs.  Retailers, therefore, take very seriously customers’ personal information that is obtained and necessary for business transactions at the point-of-sale.
  • Retailers continue to develop and initiate practical standards and safeguards to enhance the protection of their customers’ personal information.  This includes the installation of security firewalls and software to protect store and corporate-level database systems, as well as requiring the presentation of clear personal identification prior to first use of a credit account.
  • Retailer access to personal information such as Social Security numbers is a critical step in the proper identification and analysis of prospective purchasers, and its access and use should not be arbitrarily curtailed.  A narrow legislative focus on retailers and their use of such data without simultaneously addressing all other uses and users is discriminatory and highly objectionable to the retail industry.
  • Reflective of the mutual trust that is so important between retailer and consumer, most retail merchants neither sell nor rent their customer information to outside entities.
  • Most retailers provide customers with the opportunity to “opt out” of marketing programs.  No merchant wants to irritate his customer base, and an opt-out request is handled with the same care and attention as is a request for additional information.  An “opt-in” standard would limit consumer access to important information and, in many cases, special offers that may be of significant benefit and interest to such consumers.  The Retail Council strongly opposes efforts to require “opt-in” standards as ultimately harmful to consumers.
  • The Retail Council pledges to continue its cooperative and constructive dialog with the state legislature in order to further advance measures that will provide workable, legitimate, and enforceable protections against identity theft, consumer fraud, and organized retail theft.