New data security bill introduced

A bill introduced Monday by Sen. Bob Bennett (R-Utah) and Sen.Tom Carper (D-Del.) both of whom serve on the Senate BankingCommittee, joins a growing list of data security measures nowpending before Congress.

The proposed Data Security Act of 2006 seeks to create anational data protection and breach notification standard.

“This bill would require all financial institutions, retailersand government agencies to maintain strong internal safetyprotections for the data they hold,” Carper said in a statement. Itwould also require them to “quickly investigate” security breachesand to notify law enforcement, regulators and customers when thereis a real risk of harm, he said.

The proposed bill would expand the reach of current laws thatrequire only financial institutions to protect the security andconfidentiality of customer information, Bennett said in a separatestatement.

The Bennett-Carper legislation is modeled after theGramm-Leach-Bliley Act of 1999 and will require federal and stateregulators to enforce compliance with the law and to make sure thatdata security procedures are uniformly applied.

If covered entities fail to comply with the measure’srequirements, regulators would be allowed to levy fines, imposecorrective measures or “even bar individuals from working in theirrespective industries,” according to a statement on Carper’s Website.

The latest proposal comes amid heightened calls for some sort offederal data security legislation in the wake of recently disclosedbreaches at the U.S. Department of Veterans Affairs and severalother government agencies.

There are already at least 10 other pieces of legislationpending before Congress, all of them introduced before the VAbreach. Among them is the Financial Data Protection Act of 2005,which the House Financial Services Committee passed in March. Thatbill is designed to give financial services companies a nationalstandard for securing personal data and notifying customers in theevent of a breach.

That proposed legislation has drawn intense criticism fromprivacy advocacy groups who say it would undermine stronger statelaws already in place by giving companies too much leeway indeciding when to disclose breaches.

Another example of pending legislation is the DataAccountability and Trust Act (DATA), which was introduced inOctober by Rep. Cliff Stearns (R-Fla.). That bill would requirecompanies to notify consumers of security breaches involving theirdata and would give the Federal Trade Commission the authority toenforce compliance.

The measure would also require data aggregators, such asChoicePoint Inc., to keep the FTC informed about plans forsafeguarding private data and to submit to periodic audits in theevent of a breach. Stearns’ legislation has also drawn fire forallowing companies too much discretion in deciding when to notifyregulators and others about breaches

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now