Two members of the House Financial Services Committee—one Republican and one Democrat—are circulating draft legislation that would set a national data security standard and require prompt notification when a data breach occurs.
House Financial Institutions Subcommittee Chairman Blaine Luetkemeyer (R-Mo.) and Rep. Carolyn Maloney (D-N.Y). are circulating a discussion draft of legislation.
Credit union trade groups have been pushing for this type of legislation. They say that merchants should be held to the same standards they are and should pay the costs of data breaches.
However, competing interests have stalled data security legislation in the past. The Financial Services Committee has been considered more favorable to financial institutions, while the House Energy and Commerce Committee has favored merchants.
The legislation would require anyone handling sensitive information to “develop, implement, and maintain administrative, technical, and physical safeguards that are reasonably designed to protect information from unauthorized acquisition that is reasonably likely to result in identity theft, fraud or economic loss.”
The draft bill also requires consumer notification when data breaches occur, states that any federal law supersedes state laws and gives the Federal Trade Commission enforcement powers.
CUNA officials said they were pleased with the draft legislation, which follows a Wednesday subcommittee hearing featuring a representative of the group.
“It is critical that we enhance security to reduce the impact that merchant data breaches have on credit unions, other financial institutions and consumers. We are pleased to see the committee is aligned on creating a strong national data security standard,” said CUNA President/CEO Jim Nussle.
