Missouri U.S. Senator Roy Blunt (R) is the lead Republican sponsor for a data security bill that would help protect consumers from identity theft and account fraud. It would also establish consistent rules of the road nationally for public and private institutions to follow to prevent and respond to data breaches.
Blunt introduced the “Data Security Act of 2014” together with U.S. Senator Tom Carper (D-Delaware) on January 15.
“New technologies pose new opportunities – as well as new security challenges. As recent headlines have once again reminded us, now is the time to strengthen our nation’s data security and defend consumers against data breaches by both businesses and government agencies,” says Sen. Blunt in a recent press release. “I’m glad to work with Senator Carper again as we continue our bipartisan effort to create consistent national standards to better protect consumers and businesses from identity theft and account fraud.”
The Data Security Act of 2014 would expand breach notification requirements to all U.S. businesses without imposing new requirements on financial institutions subject to the Gramm-Leach-Bliley Act of 1999 data protection measures. It would require financial institutions, retailers and federal agencies to better safeguard sensitive information, notify consumers if a breach occurs, and conduct their own investigations in that event. In addition, federal authorities, law enforcement officials and various consumer reporting agencies would have to be notified if a breach impacts more than 5,000 consumers.
The bill does not include reimbursement of credit unions for expenses related to merchant data breaches or the ability of credit unions to identify the source of a breach when it is known and would not adversely affect an investigation.
"We appreciate Senator Blunt's leadership on introducing legislation that works toward solutions in the data security issue," says Don Cohenour, MCUA President/CEO. "We still need to address other concerns for credit unions regarding data security, but this is an ongoing process and having lawmakers willing to step forward with legislation on data breach is an important step."
The Data Security Act of 2014 aims to replace the current state laws with one set of national requirements. To date, 49 states and U.S. territories have laws governing data security and data breach notification requirements. This will ensure that standards are uniform and do not differ from state to state.
This legislation is modeled after the data security and breach-response regime established under the Gramm-Leach-Bliley Act of 1999 and subsequent regulations. It builds on existing law to better ensure federal and state regulators comply with the law and to make sure that data security procedures are uniformly applied.