Data Security

Whenever marketers or their suppliers possess consumer data, they must take reasonable steps to secure that data and prevent misuse of it.  Data security applies to on-line and off-line data storage.  It requires employees with access to the data to be constantly trained and supervised. 

One particular marketing use of consumer data is to help prevent fraud which reduces identity theft and credit card fraud.  DMA’s position is that government should enhance and support – not restrict – anti-fraud uses of consumer data.  DMA strongly supports legislation that strengthens penalties and provides resources to identify and prosecute those who obtain consumer information illegally and/or use that information for fraudulent or deceptive purposes. 

While supporting regulations that require reasonable security, DMA has consistently opposed any effort to delineate specific security on-line protocols in regulations.  Such prescriptive regulations would prevent companies from using new technologies and provide a blueprint for hackers to harm consumers and companies.

DMA generally supports a national standard for data protection and appropriate risk-based triggers for notification in the event of a breach.  All marketers holding consumer data should have a written security plan that includes training of all employees with access to consumer data. We continue to work with Congress to pass such a law.  However, consumers should be notified only when there is a reasonable expectation that they may be subject to identity theft.  DMA opposes legislation that would force unnecessary notification that could frighten consumers in the short run and desensitize consumers to breach notifications by having too many false alarms.