The National Restaurant Association is pressing Congress for changes to keep a welcomed data-security bill from turning into a bad dream for restaurants.
Among the concerns is the possibility of unintended results from provisions intended to protect the customer data aggregated in loyalty programs. The association is urging lawmakers to prevent the protective measure from undercutting the programs’ purpose of fostering personalized and highly targeted communications with participants.
The industry lobbyist is asking lawmakers to keep their bill from overriding state privacy regulations that have been effective in protecting personal information about loyalty-program members without stymying efforts to learn more about them.
Simultaneously, the NRA is urging members of the subcommittee finalizing the American Data and Privacy Protection Act to be wary of providing too many state-level exceptions to the federal rules being drafted.
Part of the act’s appeal to the restaurant industry, the association explains, is the elimination of the regulatory patchwork multi-state operators currently have to navigate. Instead of abiding by different rules in each state, they’d have a single set of standards to meet.
That benefit would be lost if too many state-level exceptions are permitted, according to the group.
In a statement issued Friday, the NRA also cited concerns about the bill’s broad-brush approach to chains. As currently written, the group said, the lapse of a single unit or franchisee would be regarded as an infraction by the whole system.
It also questioned the inclusion in the bill of language that allows consumers to sue violators of the proposed law instead of merely pursuing criminal sanctions. Trial lawyers will likely view that provision as an opportunity to pursue litigation whether it’s warranted or not, the association asserted.
In addition, the group is asking the House Energy and Commerce Subcommittee on Consumer Protection and Commerce to ensure maintenance providers and other “downstream” parties are accountable for the ways they safeguard consumer data. Although a restaurant might have collected the information on customers, the group says, they should not be responsible for the actions of third parties that handle it.
“Whether it's putting cash and receipts in a register or safe, or maintaining the highest standards when selecting, storing, and preparing food, security is a priority for restaurant operators,” Sean Kennedy, EVP of public affairs for the association, said in a statement. “Securing our customers’ personal information is no different.”
The act is currently in the mark-up stage, where amendments and changes to the language are introduced and debated by the committee or subcommittee considering the measure. A bill typically moves on afterward to a vote by a full committee or the whole House.
Members help make our journalism possible. Become a Restaurant Business member today and unlock exclusive benefits, including unlimited access to all of our content. Sign up here.