Bill Would Require Immediate NotificationOf Data Breaches

WASHINGTON - (10/07/05) -- Several House members introducedlegislation Thursday night that would require any processor,financial institution or electronic commerce participant to notifylaw enforcement, their regulator and all affected businesses orconsumers immediately upon discovering that someone has stolenprivate information from them. The bill, called The Financial DataProtection Act of 2005, would also create a national securitystandard for online transactions to protect all sensitive consumerfinancial information or identities that may be available throughe-commerce. Introduction of the bill comes amidst growing reportsof online data breaches, according to Rep. Michael Castle, R-Del.,one of the chief sponsors of the measure. "We know of 50 databasesecurity breaches that have occurred since January 2005 that, takentogether, could impact over 51 million Americans," said Castle."The words 'identity theft' has become an all-too-familiar phrasein our everyday lives and consumers constantly worry about theirsensitive information getting into the wrong hands." Thenotification requirement was added after a controversy was raisedwhen CardSystems Solutions waited for several months beforenotifying customers of the theft of data from as many as 40 millioncard accounts from bank and credit union issuers. The bill wouldalso require any financial institution or company that has had itsconsumer information stolen to provide affected consumers with freecredit monitoring so that they will be informed if attempts aremade to use their confidential information.