WASHINGTON (8/2/12)--Retailers, data brokers and government agencies would be required to protect sensitive information, investigate security breaches and notify consumers when identity theft or account fraud risks arise, under a bill introduced by Sens. Roy Blunt (R-Mo.) and Tom Carper (D-Del.) this week.
The senators offered the bill, known as the Data Security Act of 2012, as a potential amendment to Senate cybersecurity legislation. The larger bill, known as the Cybersecurity Act of 2012 (S. 3414), would establish voluntary cybersecurity standards in a bid to improve critical information protections.
In a release, Blunt and Carper noted that their amendment would increase consumer protections by replacing varied and sometimes conflicting state data protection regulations with a new national standard.
The amendment "builds on existing law to better ensure federal and state regulators comply with the law and to make sure that data security procedures are uniformly applied," the release added. "Although some state laws are similar, many have inconsistent and conflicting standards, forcing businesses to comply with multiple regulations, and leaving many consumers without proper recourse and protections," the senators said.
Financial establishments, retailers, federal agencies or other entities that find that their information may have been compromised would be required to investigate the scope of any data breach and determine the type of information that was compromised.
Regulators, law enforcement and consumer reporting agencies would need to be notified if more than 5,000 consumers would be harmed by the breach. All consumers that are affected by the breach would also need to be notified.
Blunt said the amendment is critically important to ensuring that businesses and government agencies have the tools they need to strengthen the nation's data security.
"The idea behind the Carper-Blunt amendment makes a lot of sense. Retailers and others would no longer be able to duck responsibility when they are involved in data security breaches. It is an idea that has CUNA's full support," said Ryan Donovan, Credit Union National Association (CUNA) senior vice president of legislative affairs.
However, Donovan noted that the future of the underlying bill is in question. "Unless agreement is reached soon on which amendments to consider, it is unlikely that the Senate will be able to finalize consideration of this bill or any of the amendments before recessing at the end of this week," he said.
CUNA remains committed to ensuring that any data security measure passed by the U.S. Congress does not negatively impact credit unions.