Things must be really bad if an industry federation, in this case the NRF and various other retail industry groups, sends an open letter to congressional leaders asking for more regulation. The letter lists breaches at JP Morgan Chase, Apple’s iCloud, and the Department of Homeland Security. It also quotes the Verizon Data Breach Investigations Report, which shows that 63,437 data security incidents were reported by industry, of which 1367 had confirmed data losses (10.8% of which were retail industry, by the way).

Here’s a quote from the letter about what they want Congress to do: “Congress should act to standardize reasonable, timely notification of sensitive data breaches whenever and wherever they occur. However, legislation that would demand notice of some sectors, while leaving others largely exempt, will unfairly burden the former and unnecessarily betray the public’s trust. We look forward to working with you to address criminal data thefts in a way that covers everyone who is at risk, and that promotes solutions that will protect American consumers now.”

Is this the beginning of a realization that the status quo is not working well enough for them? Maybe this?