weinman with you. and the question would be what would you perceive in terms of how the dead canline should be established -- deadline should be established or the criteria for what would be a reasonable response and your view on whether an arbitrary deadline is something that would be, should be included in a data breach notification. >> thank you. i think an arbitrary deadline a specific time frame is not useful in that it sets an objective standard. each data breach incident is different. each incident requires special consideration to address vulnerabilities, cooperate with law enforcement. some breaches will require cooperating with many different types of law enforcement. so i don't think a specific day deadline is useful. that being said, a number of the states have deadlines that do not involve specific days, and i think that is the right approach to give sufficient flexibility. >> is there any is there any sort of -yard lines you'd look at -- guidelines you'd look at to determine whether a res

weinman. the question would be, what would you perceive, in terms of how a deadline to be established or criteria for what would be a reasonable response, and your view on whether an arbitrary deadline is something that should be included in a data breach notification. >> thank you. i think an arbitrary deadline, a specific time frame, is not useful in that it sets an objective standard. each data breach incident is different. each incident requires special consideration to address boehner abilities. cooperate with law enforcement. cooperating with different types of law enforcement. i do not think a specific deadline is useful. that being said, a number of states have deadlines that do not involve specific days. i think that is the right approach to give sufficient fox ability -- flexibility. >> are there any guidelines you would look like as to whether or not a response was appropriate? if a guideline becomes an appropriate timeframe, what would be a triggering factor of whether the response

miss weinman, you have extensive experience in this area. having worked the ftc prior to your turn position. -- your current position. could you give us your explanation of why you think a single federal law is so preferable for businesses and consumers? >> thank you. i have a chart with me that is 19 pages long that goes through the variances of the different state laws. that reason alone, i think lends it self to having one notification standard to enable companies to act quickly and provide the required notice. i think it i both business friendly, and consumer friendly. >> mr. duncan, your testimony highlights the need for congress to enact a preempted federal data breach notification law. i agree that would provide a great deal of clarity for companies, including retailers and merchants you count as remembers. it also provides needed consistency for consumers, which is an issue. congress has dealt with in the past. there have been proposals that call for uniform notification procedures and uniform federal data security standards. i appre

miss weinman, you have extensive experience in this area. could you give us your explanation of why you think a single federal law is so preferable for businesses and consumers? >> thank you. i have a chart with me that is 19 pages long that goes through the variances of the different state laws. that reason alone, i think, lends it self to having one notification standard to enable companies to act quickly and provide the required notice. i think it i both business friendly, and consumer friendly. >> mr. duncan, your testimony highlights the need for congress to enact a preempted federal data breach notification law. i agree that would provide a great deal of clarity for companies, including retailers and merchants you count as remembers. it also provides needed consistency for consumers, which is an issue. congress has dealt with in the past. there have been proposals that call for uniform notification procedures and uniform federal data security standards. i appreciate your observations about some of the risks of ftc enforcement. says tha