Data Security


Surreptitious computer users, corporate error and other factors have lead to a number of high-profile personal data security breaches, where sensitive information leaves the control of merchants, banks or credit card companies. Congress is looking for the right balance between securing sensitive personal information and not hindering the ability of businesses to use more benign information for legitimate purposes.

AAF Position

Data security breaches may be serious violations of one's financial, medical or other personal information. Or they may reveal individual and aggregate data about buying habits, marketing preferences and the like. This difference must be distinguished when deciding how breaches are handled. Brand preference doesn't need to be treated with the same level of security as financial records. The AAF believes some proposed laws aimed at securing data would do more harm than good.

For instance, marketers may keep track of grocery store purchases in order to provide a customer with coupons he or she is most likely to use. Many Web sites will track which links a user clicks on to gauge interest but does so anonymously. This information is used to target ads most likely to be of interest. The AAF believes improved enforcement of existing laws and regulations serves the public better than creating overreaching laws that may stymie innovation and cripple e-commerce.


As a result of several high-profile data security breaches, privacy advocates have called for strict restrictions on data use and guidelines for responding to a breach. Criminal penalties have been proposed, not only for those responsible for the breach, but also for those found to have hidden the breach from the public.

Last Updated: April 2019