Sens. Tom Carper (D-Del.) and Roy Blunt (R-Mo.) introduced a data security bill on Wednesday that would require all U.S. entities that accept or compile sensitive personal or financial information to report security breaches.
“For millions of Americans, data breaches can cause worry and confusion and, in some cases, serious financial harm,” Carper said. “We cannot allow technology advances to outpace the security measures in place to safeguard the transactions we conduct in person and online. This bipartisan and comprehensive approach would better serve consumers by ensuring that businesses and government agencies take the steps necessary to secure personal and financial information and respond swiftly and effectively in the unfortunate event of a breach.”
The introduction of the bill comes just after Target announced that a recent security breach may have compromised the personal and financial information of up to 110 million consumers.
The Target breach has elicited criticism from the financial services industry, which has said that while banks and credit unions are subject to data protection measures under the Gramm-Leach-Bliley Act, retailers and other entities that store sensitive consumer data are not.
In a Monday letter to Congress, the National Association of Federal Credit Unions said financial institutions bear the costs of data breaches because they have to cancel and reissue payment cards, as well as address potential identity and account theft after a merchant breach occurs.
“Any entity that stores financial or personally identifiable information should be held to minimum standards for protecting such data,” NAFCU President Dan Berger said.
The Data Security Act introduced by Carper and Blunt would replace state laws with a set of federal standards and would require the entity that experienced the breach to fully investigate the scope of the breach and the type of compromised information, and to determine the risk posed to consumers.
“New technologies pose new opportunities—as well as new security challenges,” Blunt said. “As recent headlines have once again reminded us, now is the time to strengthen our nation’s data security and defend consumers against data breaches by both businesses and government agencies.”