Financial Services Committee Members Introduce Comprehensive Bipartisan Consumer Data Protection Legislation
October 7, 2005
Rep. Steven C. LaTourette (OH), Rep. Darlene Hooley (OR), Rep. Michael N. Castle (DE), Domestic and International Monetary Policy Subcommittee Chairman Deborah Pryce (OH), and Rep. Dennis Moore (KS) introduced legislation that would safeguard sensitive consumer information, fight identity theft, and create a uniform standard for notifying consumers of data breaches.
The Financial Data Protection Act of 2005 would: prevent data breaches by mandating a strong national standard for the protection of sensitive consumer information; require institutions to notify consumers that their information has been compromised and could be used by identity thieves; and require institutions to provide consumers with a free six month nationwide credit monitoring service upon notification of a breach.
Rep. LaTourette said, “This legislation is right for consumers, and right for the countless businesses that so often deal with sensitive financial data. We established a nationwide credit granting system with the Fair Credit Reporting Act and the FACT Act, and while that system has benefited countless consumers, it has also spawned databases and records that for too long have been able to exist without the security safeguards necessary to protect the information. In the wake of security breaches that have exposed millions of Americans to the risk of account fraud or identity theft, the time is right for the Financial Services Committee and this Congress to act.”
Rep. Darlene Hooley said, “Since drafting my first identity theft bill with Rep. LaTourette in 2000, the number of incidents reported to the FTC has increased eight-fold. Reversing this trend requires Congress and the private sector to work in tandem in safeguarding sensitive personal information and informing consumers in a timely and uniform fashion when their personal financial data is placed at risk by a security breach. Our free credit report law has helped consumers spot fraud; this new legislation will help stop fraud.”
Recently, there have been a number of high-profile cases of compromised data files at well-known companies. With more and more sensitive information becoming part of the everyday exchange of records among businesses, consumers are increasingly concerned about companies’ data security policies and post-breach procedures.
Rep. Castle said, “We know of 50 database security breaches that have occurred since January 2005 that, taken together, could impact over 51 million Americans. The words "identity theft" has become an all-too-familiar phrase in our everyday lives and consumers constantly worry about their sensitive information getting into the wrong hands."
Victims of identity theft spend on average 90 hours of their own time and $1,700 in out of pocket expenses resolving the problem. In some cases, victims have to change their Social Security numbers or phone numbers in order to free themselves of the effects of identity theft.
Subcommittee Chairman Pryce said, “With introduction of this bill, we are one step closer to developing a comprehensive approach to securing consumer data. The current patchwork of laws across the country does little to protect Americans from a breach of their personal information. Consumers deserve to know that their information is safe and companies have a duty to act when data has been breached.”
The Federal Trade Commission (FTC) estimates that 10 million Americans fall victim to identity theft each year, costing consumers and businesses more than $55 billion per year. Identity theft is the most frequent complaint to the FTC from all 50 states with the number of complaints having grown for the fourth consecutive year.
Rep. Moore said, “Congress should be doing all we can to prevent data breaches and protect consumers from the devastating effects of identity theft. This bipartisan legislation will do just that by developing a uniform national standard to create a level of certainty for both consumers and national businesses.”
The Financial Services Committee has held three hearing so far this Congress on the issue of personal data security. A full Committee hearing was held on May 4, a Financial Institutions and Consumer Credit Subcommittee hearing was held on May 18, and an Oversight and Investigations Subcommittee hearing was held on July 21.
House Financial Services Committee Chairman Michael G. Oxley (OH) said, “I commend my colleagues, Reps. LaTourette, Hooley, Castle, Pryce, and Moore, who have been hard at work on this initiative to protect consumers’ sensitive information from being misused. The bill would ensure that consumers receive prompt and effective notice when sensitive information has been compromised and puts them at risk of identity theft or account fraud. This legislation is a bold next step in protecting consumers from identity thieves, computer hackers, and other criminals who will always be searching for ways to steal Social Security numbers and other personal information. It is critical that consumers have the information and the tools they need to fight identity thieves and to repair their credit histories after identity attacks.”
The Financial Data Protection Act of 2005 would:
- Prevent Breaches of Data:
Creates a strong uniform national security standard that requires businesses to protect any sensitive consumer financial account or identity information they may possess.
- Mandate an Investigation Upon Discovery of a Breach:
If there is a data security breach involving sensitive financial account or sensitive financial identity information, then the breached organization would have to notify law enforcement, their regulator, and other businesses that maintain or service the affected data.
- Provide Notice:
After an investigation if it is determined the breached information is reasonably likely to be misused, there would be a requirement to notify the consumer.
- Provide Financial Fraud Mitigation to the Consumer:
A breached organization would be required to provide consumers free of charge, a service that monitors consumer credit files so they will be informed if attempts are made to open a new line of credit in their name.
- Create Additional Regulations:
Standards would be jointly issued by the Secretary of the Treasury, the Federal Reserve Board and the Federal Trade Commission, and would be prescribed and enforced by each organization’s functional regulator.
- Provide a Safe Harbor:
There is a safe harbor from lawsuits if reasonable polices and procedures are in place and mitigation services such as credit monitoring are provided. The legislation would permit administrative action by the functional regulator.