Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.) today introduced the bipartisan Data Security Act (H.R. 2205), which would establish a national data security and breach notification standard for financial institutions and retailers.
ABA and several other financial trade groups welcomed the bill, whose goals are part of ABA’s Agenda for America’s Hometown Banks. “In our view, protecting consumer information is a shared responsibility of all parties involved,” the groups said. “This important legislation ensures all entities that handle consumers’ sensitive financial data have in place a robust process to protect data, which can help prevent breaches from happening in the first place.”
Like a similar Senate bill introduced by Roy Blunt (R-Mo.) and Tom Carper (D-Del.), H.R. 2205 models its security and notification requirements on the rigorous standards already in place in the financial industry under the Gramm-Leach-Bliley Act and recognizes that financial institutions do not need a duplicative set of requirements.
The bill would replace state laws with a single set of national data security requirements that are scalable to accommodate the needs of smaller businesses. It would require a company experiencing a breach to notify all affected customers, as well as federal agencies, law enforcement and consumer credit agencies when a breach affects more than 5,000 individuals.
“This comprehensive approach would better serve consumers by making it easier for businesses and government agencies to take the steps necessary to adequately protect all Americans from identity theft and account fraud,” ABA and other groups said.