Magazine article American Banker

Senate Judiciary Chiefs Offer Bill on Data Security

Magazine article American Banker

Senate Judiciary Chiefs Offer Bill on Data Security

Article excerpt

WASHINGTON -- On Wednesday, the Senate Judiciary Committee became the first of at least four panels to tackle comprehensive data security legislation.

The committee's chairman, Sen. Arlen Specter, R-Pa., and its ranking Democrat, Sen. Patrick Leahy of Vermont, introduced a sweeping bill that would set tough federal rules and criminal penalties for companies that handle consumer information but would leave the door open for states to legislate in other areas of data protection.

"Our legislation ... carefully balances the need for federal uniformity and state leadership," Sen. Leahy said in a statement. "The role of states is important, and our bill identifies areas that require uniformity while leaving the sates free to act elsewhere as they see fit."

"You have reputable companies not doing what they should. The statute is going to impose standards on how they operate," Sen. Specter said at a news conference. "It will be a very strong sign that the Congress...is looking at them."

Senate Commerce Committee leaders plan to introduce competing legislation as early as today, and bills being written in the House Financial Services and House Energy and Commerce committees are expected to be introduced next month.

The Specter-Leahy bill sets out procedures for when companies - including financial services firms that already must comply with federal guidelines for breach notification - must tell customers about security lapses. Notice would be required for any breach unless the company determined in consultation with federal and state law enforcement that the risk of harm was "de minimis" or the compromised data is encrypted or otherwise cannot be used to harm consumers, according to a summary of the bill.

It appears to allow financial services companies to continuing operating under existing federal guidelines for breach notifications.

"If there is a breach, it is going to be very difficult, based on the standard of having to consult with federal law enforcement and the attorney general of each state that is affected, to avoid sending out notices," said Gilbert Schwartz, a partner in Schwartz & Ballen LLP. …

Search by... Author
Show... All Results Primary Sources Peer-reviewed

Oops!

An unknown error has occurred. Please click the button below to reload the page. If the problem persists, please try again in a little while.