"We shouldn't resort to new legislation that penalizes the victim," Carl Szabo, policy counsel for NetChoice, wrote.
With most breaches, businesses are already punished by having to pay fines to credit card companies and reimburse banks for fraudulent charges on credit cards.
Rather than pass additional laws, the association would prefer that Congress consolidate existing state laws on data breach notification into one federal standard.
"Today, online and offline businesses face a patchwork of state laws, attorneys general and consumer organizations that play by different and confusing rules," Szabo said. "A single federal standard for data breach notification would resolve the confusion and benefit both consumers and businesses."
Sign up for CIO Asia eNewsletters.