Why Companies Want Congress To Tell Them What To Do After Data Breaches

It's the kind of top-down, one-size-fits-all, heavy-handed regulation that corporate America despises. The exact type of mandate that businesses pay lobby shops millions to tweak and twist into oblivion. Except this time, America's big-box stores are begging Congress to boss them around.

Reeling from high-profile privacy fumbles at Target and Neiman Marcus, retailers are asking Congress to require them to notify customers when shoppers' information has been put at risk. Currently, when firms spill data, they're subject to a patchwork of state rules: 46 states, plus the District of Columbia, have their own privacy-breach notification laws. For a company like Target, which has stores in every state save Vermont, that means a massive compliance struggle. Backers of a unified standard say a federal requirement would not only make companies' lives easier but would also help firms serve their customers better by giving businesses a quick and comprehensive way to address hacks. And with tens of millions of Target and Neiman Marcus customers wondering if their credit cards are about to be used for someone else's shopping spree, the issue has new momentum in an otherwise gridlocked Congress.