The debate not only pits retailers against financial institutions, but congressional committee against congressional committee — never a good thing if you want to see legislation signed into law.

"I think it a tough issue because it breaks down along a lot of different lines," Brad Thaler, NAFCU's vice president for legislative affairs, said.

"This is a complex issue, with a diverse group of stakeholders and interests," Paige Anderson, director of government relations at the National Association of Convenience Stores, said. "Congress has been trying to pass a bill for over 10 years."

The split, unlike many issues, is not along party lines. Instead, it breaks down along industry lines. For example, the House Energy Commerce Committee during the last Congress approved legislation that was supported by merchants, but not financial institutions.

The House Financial Services Committee approved legislation that was supported by credit unions, but opposed by merchants.

The House and the Senate did not take action on the legislation, so the issue died at the end of last year.

Given the cost to financial institutions and others, merchant and credit union advocates agree how important the issue is to try to address once again.

For instance, a February 2015 NAFCU survey found that on average, credit unions spent $136,000 on data security measures and $226,000 in costs associated with merchant data breaches in 2014.

And so, despite the failures in the last Congress and their continuing differences, merchants and credit unions are renewing their push for legislation.

CUNA and NAFCU are pushing for national standards for merchants similar to the ones that financial institutions must comply with under the Gramm-Leach-Bliley Act. They're also pushing requirements that merchants promptly report data breaches.

"We want public disclosure if there's a breach," Thaler said.

And they want merchants to pay the costs that credit unions incur as a result of a data breach.

And any legislation that is passed should ensure that credit unions and cardholders can sue a merchant if the merchant is not in compliance with the national standard, Lance Noggle, CUNA's senior director of advocacy and counsel, said.

"If retailers are careless with their data, they should have to pay," Thaler said.

Even though credit unions contend that they already must comply with standards, Anderson said that all parties that handle data should be treated the same under any legislation that is enacted.

"If any data security legislation is going to be effective, it needs to place the same obligations and responsibilities on all parties that handle data, it must not carve out special interests or particular industries," she said. "No single industry should bear the responsibility of these new standards and requirements, basically, the legislation should not carve out special interests or industries."

She said that the entity that experiences the breach should be responsible for notification requirements.

"Likewise, all entities that touch sensitive data should have the same data security standard requirements — and the standards should include strong federal preemption language so businesses are not subject to a patchwork of state standards," she said.

The notion that every industry should be included in the new national standard helped kill the legislation in the last Congress, said Paul Martino, vice president and senior policy counsel at the National Retail Federation.

"What held up this legislation was an approach to single out specific sectors rather than [addressing it] in a comprehensive fashion," he said. He added that data breaches are not unique to any one industry.

He said that merchants already bear a share of the cost of data breaches.

And he agreed that there must be a general notice requirement for everyone.

"Certain industry sectors don't want to give notice of their breaches," he said, adding that merchants already are required to make disclosures under state laws of 47 states.

Anderson also said that Congress must focus on another pressing issue.

"Congress has been focused on legislation pertaining to what happens after a breach occurs," she said. "We also need to examine what is being done to reduce the risk of a breach to begin with."

Despite the fighting among the affected sectors, advocates said they are somewhat optimistic that some type of data breach legislation can pass.

Last year, the election hampered efforts to enact data security and any other type of legislation Noggle said.

"It was tough to pass anything last year," he said.

"I think there's an opportunity to get it done this Congress," Thaler said, adding that the nation's policymakers are focusing more and more on cybersecurity issues.

Anderson said the convenience store industry recognizes how important it is to find some common ground to ensure that legislation is enacted.

"With our businesses relying so much on technology, it is vital that everyone – businesses, government, consumers – work together to ensure that all that can be done is being done to keep our personal information safe and secure," she said.