The Direct Marketing Association said yesterday it was generally pleased with the data privacy bill making its way through the U.S. Senate.
Sens. Bob Bennett, R-UT, and Tom Carper, D-DE, introduced a bill this week to better protect personal data held by institutions, including financial services firms, retailers and government agencies.
The Data Security Act of 2006, if enacted into law, would create a uniform national standard to safeguard data on Social Security, driver’s licenses, credit cards and account access codes and passwords.
The bill, S. 3568, is being referred to the Committee on Banking, Housing, and Urban Affairs for hearings and eventual committee action. The bill is the sixth data security bill that has been introduced this year in the House and Senate.
“While there are several other bills out there, we generally support this one,” said Stephanie Hendricks, a DMA spokeswoman. “It has everything we were hoping to see from a data security standpoint.”
S. 3568 covers any information — online and off – that could be used to commit identity theft or account fraud at businesses and government institutions, which would be required to safeguard all paper and electronic records.
“The conveniences and efficiencies of the Information Age, which have brought economic benefits and improved quality of life, have also brought new challenges,” said Sen. Bennett, chairman of the Senate Banking Subcommittee on Financial Institutions, in a statement. “Thieves, cheats, and other criminals have also entered the Information Age, and are using information technology to steal from many of us. Too many Americans have become victims of identity theft or account fraud, and these crimes are increasing at an alarming rate.”
The bill requires that all entities, not just financial institutions, safeguard sensitive information and notify consumers when information is breached in a way that could lead to identity theft or account fraud.
The Bennett-Carper legislation creates a uniform national standard to safeguard sensitive information and provide consumer notification of security breaches.
It also models enforcement provisions after the GLB blueprint so federal and state regulators who oversee financial institutions, and other entities that have this information, are equipped with the tools to enforce these protections against data security breaches and help consumers mitigate the problems that result.
Key points of The Data Security Act of 2006:
· Creates a Uniform National Standard
· Includes Risk-based Trigger for Consumer Notification of Data Breach
· Ensures State and Federal Functional Regulators Have Right to Enforce Requirements of Data Security Breach