Sens. Roy Blunt (R-Mo.) and Tom Carper (D-Del.) yesterday introduced the Data Security Act (S. 961), which would require companies and agencies to better guard sensitive data, investigate breaches and notify consumers about compromised information.
ABA President and CEO Frank Keating welcomed the effort to raise data security standards, which is part of ABA’s Agenda for America’s Hometown Banks. “This bill is especially timely in light of recent data security breaches at major retailers that put millions of consumers at risk,” he said. “ABA member banks’ first priority is to protect consumers and make them whole regardless of where a breach occurs.”
S. 921 imposes shared data protection requirements for all companies that handle personal information. The bill’s security and notification requirements are modeled on the rigorous standards already in place in the financial industry under the Gramm-Leach-Bliley Act.
The bill would replace state laws with a single set of national requirements. It would require a company experiencing a breach to notify all affected customers, as well as federal agencies, law enforcement and consumer credit agencies when a breach affects more than 5,000 individuals.
“This comprehensive approach would better serve consumers by requiring businesses to take whatever steps are necessary to adequately protect all Americans from identity theft and account fraud,” Keating added. “We must work together to combat increasingly sophisticated efforts to breach the payments system.”