From CUNA News Now, June 4, 2009:
WASHINGTON (6/4/09)--H.R. 2221, the Data Accountability and Trust Act, passed the House subcommittee on commerce, trade, and consumer protection by a voice vote during a Wednesday markup session.
The bill, which was introduced by House Subcommittee Chair Rep. Bobby Rush (D-Ill.), would require businesses to notify affected customers when outside parties gain access to sensitive information due to a security breach.
Although it supports the goal of granting greater information to consumers whose personal information has been compromised by security breaches, the Credit Union National Association (CUNA) on Wednesday asked legislators to alter some portions of the bill.
In a letter to ranking subcommittee members, CUNA said that while most businesses lack the contact information needed to alert their customers, financial institutions normally have the means to directly communicate with their account holders.
While any notification of data breach victims should be done by the financial institutions, the cost of this notification should be covered by the entity that compromised the data. Financial institutions should also be allowed to disclose the source of the information leak to their cardholders to avoid any harm that could be done to their reputation, CUNA added.
The bill, as currently drafted, excludes federally insured credit unions from Federal Trade Commission (FTC) oversight of their security risk mitigation procedures. However, businesses following standard security precautions of equal or greater quality to those set out by the bill would be deemed compliant by the FTC.
The House subcommittee, during the same markup session, voted 16 to 9 to approve H.R. 2309, the Consumer Credit and Debt Protection Act. This bill would direct the FTC to examine its existing rules and possibly to create new rules governing debt settlements and auto sales. The bill would also enhance the FTC's rulemaking authority as it relates to consumer credit and debt.
The House Energy and Commerce Committee has not announced when it may consider these bill.