NEW: Broad House data security bill introduced with strong CUNA support
May 1, 2015
WASHINGTON (5/1/15, UPDATED 12:00 p.m. ET)--A bill that would establish a national data security standard was introduced this morning and has CUNA's strong support. The Data Protection Act of 2015 was introduced by Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.) and would establish a process for companies of all sizes to follow to secure consumer data.
"I thank Reps. Neugebauer and Carney for their leadership on data breach issues and their commitment to protect the financial data of all Americans," said Jim Nussle, president/CEO of CUNA. "Those who accept cards as payment must be held to the same standard as those who issue cards for payment."
The legislation would apply to companies that do not currently have a federal obligation to protect consumer information.
Under the bill, each covered entity must:
Develop and maintain an effective information security program tailored to the complexity and scope of its operations, and the sensitivity of its data;
Oversee service providers with access to customer information, including requiring service providers by contract to take appropriate steps to protect the security and confidentiality of this information;
Train staff to prepare and implement its information security program;
Test key controls, systems and procedures of its information security program; and
Adjust its information security program to reflect the results of its ongoing risk assessment.
The bill is based generally on interagency information security standards issued by the Federal Trade Commission and federal banking agencies.
CUNA, along with other financial trade organizations, has previously written to members of Congress outlining a number of principles that should be present in any data breach legislation.