“Whether it’s putting cash and receipts in a ledger or safe, or maintaining the highest standards when selecting, storing and preparing food, security is a priority for restaurateurs,” said Sean Kennedy, executive vice president of public affairs at the national restaurant. Association. “Securing our customers’ personal information is no different. As the cornerstone of communities across America, restaurateurs build their business on trusted relationships with their customers, and they rely on strong privacy and data security practices to reinforce that trust in the today’s digital economy.
The Association has expressed concerns about specific aspects of the bill, including:
- Derogations in federal preemption – The Association is concerned that there are far too many exceptions for state-level privacy laws, consumer protection laws, and laws that govern both employee data and data biometrics, among others. These exclusions essentially negate the bill’s pre-emptive provision and would require domestic restaurant companies to comply with federal and state laws.
- Inclusion of private right of action – The Association is concerned that language permitting a civil action in federal court would allow litigators to embroil operators in unwarranted and endless litigation. These actions do not improve consumer protection but often penalize the transactions concerned.
- Loyalty programs – The bill includes language aimed at preserving consumer loyalty programs, but the Association believes the provision would impede the ability of consumers and restaurants to voluntarily establish loyalty relationships. These types of programs are essential to the business model of many restaurants, and the Association hopes the bill can be amended to reflect national data privacy laws that have already proven successful.
- Service Providers and Third Party Requirements – Restaurants are often a first point of consumer data collection, but they should not be held liable for potential data privacy breaches committed by their downstream business partners. The Association would like to see the service provided and the requirements of third parties strengthened so that no consumer is left unprotected when their personal data is processed by a company, regardless of their place of residence.
- Exemption of small data – The bill includes an exemption threshold for small business data; however, the current definition will still place a significant burden on small business restaurants. The Association would like to see the requirements changed so that they work for smaller restaurateurs.
- Definition of Covered Entity – Under the current bill, the definition of covered entity would mean that restaurants with a common brand all become liable for an operator’s violations. The Association would like the bill to take into account the industry’s unique franchise structure when defining covered entities.
“This bill is moving very quickly through the Committee, and we are working with members to address these concerns. The good news is that all of these concerns have resolutions that would significantly improve this bill for the restaurant industry while strengthening consumer protections,” Kennedy said.
Find the Association’s letter to the Subcommittee here and find the full text of the bill here.
About the National Restaurant Association
Founded in 1919, the National Restaurant Association is the premier trade association for the restaurant industry, comprising nearly one million restaurant and foodservice outlets and a workforce of 14.5 million employees. Along with 52 state associations, we form a network of professional organizations dedicated to serving every restaurant through awareness, education and food safety. We sponsor the largest trade show in the industry (National Restaurant Association Show); food safety training and certification program (ServSafe); unique high school career development program (NRAEF’s ProStart). For more information, visit Restaurant.org and find @WeRRestaurants on Twitter, Facebook and Youtube.