WASHINGTON (1/16/14)--The Data Security Act of 2014 (S. 1927), introduced by Sens. Tom Carper (D-Del.) and Roy Blunt (R-Mo.) Wednesday, is the latest in a series of data security bills released in the wake of the recent Target data breach.
The Carper/Blunt bill would require credit unions and other financial institutions, retailers, and federal agencies to protect sensitive information, notify consumers if a breach occurs, and conduct their own investigations in that event. If a breach impacted more than 5,000 consumers, the federal authorities, law enforcement officials, and various consumer reporting agencies would have to be notified. Overall, the bill aims to replace various state-based data protection laws with one single, federal standard.
"New technologies pose new opportunities--as well as new security challenges," Blunt said. "As the recent incidents involving Target and Neiman Marcus remind us, major data breaches that compromise consumers' identities and financial security are becoming more routine. These recent breaches, and others before them, underscore the need for Congress to act to protect Americans against fraud and identity theft," Carper added.
The Credit Union National Association supports the Carper/Blunt legislation, which is similar to bills the legislators have introduced over the last five years.
On the House side, another cybersecurity bill, the National Cybersecurity and Critical Infrastructure Protection Act (H.R. 3696), was amended by the House Homeland Security subcommittee on cybersecurity, infrastructure protection, and security technologies on Wednesday. The bill will move on to the full committee for consideration. (For more on H.R. 3696, see Dec. 14 News Now: CUNA: Bill would back CU cybersecurity efforts.)
Sen. Patrick Leahy (D-Vt.) has also introduced the Personal Data Privacy and Security Act, which would establish consumer data security standards for companies, and require them to notify consumers when a data breach has occurred.
House Financial Services Committee leaders have said their panel will conduct their own data security hearings, and Senate Banking Committee Chairman Tim Johnson (D-S.D.) is also reportedly considering similar action.
CUNA President/CEO Bill Cheney this week called on Target and other merchants responsible for breaches in the security of the personal financial information of their customers to step up and do the right thing. Target has admitted responsibility for the breach that compromised the data of as many as 70 million customers, but Cheney said more is needed. "Their admission should mean that the retailer, not credit unions and other financial institutions, should pay for the costs associated with making consumers whole, including reissuing payment cards," Cheney emphasized.