WASHINGTON (5/27/14)--Sen. Robert Menendez (D-N.J.) and Rep. Albio Sires (D-N.J.) have introduced new data security legislation in the wake of eBay's announcement Wednesday that users' personal information may have been compromised. The Menendez-Sires Commercial Privacy Bill of Rights aims to increase consumer protections and, in the event of a data breach, hold corporations accountable.
The proposed bill would do the following:
Since the Target data security breach last holiday season, breaches at Michaels and Neiman Marcus have followed, with eBay being the most recent high-profile example. (See related story: Compromised non-payment card data on the rise: Trustwave.)
In a response to a letter from Menendez following the Target breach, Federal Trade Commission (FTC) Chair Edith Ramirez urged Congress to enact data security legislation that gives the FTC civil penalty authority and recommended that Congress establish a general federal breach notification requirement.
"When we shop, every consumer assumes that companies will protect their data by any means necessary. Yet in the last year, we have read far too many stories about hackers getting past corporations' security systems," Menendez said.
The legislation would only apply to entities covered by the FTC that collect, use, transfer, or store certain information concerning more than 5,000 people during a 12-month period. While the bill will be enforced by the attorney general, state attorneys general and the FTC, private suits based on the law would be prohibited.
The Credit Union National Association has asked Congress to address data security relative to merchants, who are not held to the same standards of security as credit unions and other financial institutions.