January 15, 2014

Carper, Blunt ready data protection bill in wake of Target breach

Jan. 15, 2014 – Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., plan to introduce NAFCU-backed legislation today to expand breach notification requirements to all U.S. businesses without imposing new requirements on institutions – like credit unions – subject to Gramm-Leach-Bliley Act data protection measures.

Like similar legislation the senators proposed in 2012, the new bill is expected to provide a GLB Act carve-out – a measure that NAFCU deems essential in any new data security package. Breached entities would be responsible for investigating the scope of the breach and reporting the findings to appropriate agencies.

This and related efforts are picking up in the wake of the Target Corporation data breach. Target has now said its breach potentially affects up to 110 million consumers.

NAFCU President Dan Berger on Monday wrote Congress to reiterate the association's call for action on merchant data breaches.

Currently, credit unions pay the costs of cancelling and reissuing payment cards and helping members address potential account and identity theft following a merchant breach. "Any entity that stores financial or personally identifiable information should be held to minimum standards for protecting such data," Berger wrote in Monday's letters to House and Senate leaders.

Numerous congressional committees are looking at this issue and considering action. Among these panels are House Oversight, House Financial Services, House Energy and Commerce, Senate Commerce, Senate Banking and Senate Judiciary. NAFCU has reached out to each in its efforts to win action that would make merchants accountable for breaches on their end.