WASHINGTON (3/26/15)--A data security bill passed the House Energy subcommittee on commerce, manufacturing and trade Wednesday, and it included a CUNA-supported technical correction amendment.
The amendment exempts both federal- and state-chartered financial institutions from the bill because those institutions already are subject to strict security standards under the Gramm-Leach-Bliley Act.
The Data Security and Breach Notification Act of 2015 would require certain entities that collect and maintain personal information of individuals to secure such information. The breached entity must also provide notice to such individuals within 30 days of determining the scope of the breach.
A violation of the act would be classified as an unfair or deceptive act or practice under the Federal Trade Commission Act, and would be enforced by the FTC or state attorneys general.
CUNA has pushed for stricter standards than the current bill calls for, particularly in the area of merchant data security standards. Along with other financial trade organizations, CUNA outlined those principles in letters to Congress last month.