Senators Introduce Data Security Bill to Set Federal Standard, Preempt States
July 11, 2013
New legislation introduced in the Senate in June would create a single federal standard for data security and breach notification across all industries. While this legislation would not impact ALTA members because they are already regulated by Gramm-Leach-Bliley, it shows the government is focused on protecting non-public personal information (NPI).
Introduced by Sens. Pat Toomey (PA), Angus King (ME), John Thune (SD), Dean Heller (NV), Roy Blunt (MI), Marco Rubio (FL) and Dan Coats (IN), the Data Security and Breach Notification Act of 2013 (S. 1193) would preempt data breach notification laws currently in effect in 46 states and the District of Columbia and require covered entities to take “reasonable measures” to protect and secure data in electronic form that contains “personal information.” If data is compromised or there is a reasonable belief that data has been accessed by an unauthorized person and that breach could cause identity theft or other actual financial harm, then the covered entity must provide notification to the affected individuals.
The legislation would be similar to how the Gramm-Leach-Bliley Act (GLB) works for financial firms. Exempt from the legislation would be financial institutions—including ALTA members—that are already subject to title V of the GLB Act. Passed in 1999, GLB imposes three basic requirements: