Bill Would Require Notification of Breaches

Several House members introduced legislation that would require any processor, financial institution or electronic commerce participant to notify law enforcement, their regulator and all affected businesses or consumers immediately upon discovering that someone has stolen private information from them. The bill, called The Financial Data Protection Act of 2005, would also create a national security standard for online transactions to protect all sensitive consumer financial information or identities that may be available through e-commerce.

Introduction of the bill comes amid growing reports of online data breaches, according to Rep. Michael Castle (R-DE), one of the chief sponsors of the measure. "We know of 50 database security breaches that have occurred since January 2005 that, taken together, could impact over 51 million Americans," said Castle. "The words 'identity theft' have become an all-too-familiar phrase in our everyday lives and consumers constantly worry about their sensitive information getting into the wrong hands."

The notification requirement was added after controversy arose when CardSystems Solutions waited for several months before notifying customers of the theft of data from as many as 40 million card accounts from bank and credit union issuers. The bill would also require any financial institution or company that has had its consumer information stolen to provide affected consumers with free credit monitoring so that they will be informed if attempts are made to use their confidential information.
