Congress Wants Consumer Notice On OnlineBreaches

WASHINGTON - (07/25/05) -- Congress continued to grapple lastweek with the recent flurry of online data theft by introducing twomore bills that would require consumer notification in the case ofpersonal information theft. The first, cosponsored by Reps. StevenLaTourette, R-Ohio, and Darlene Hooley, D-Ore., would requirecredit union as well as banks, retailers, data brokers and creditbureaus to notify consumers when a data breach may put personalfinancial information at risk. The second, introduced by Rep.Deobrah Pryce, R-Ohio, would require new uniform security standardsfor sensitive account information and an easily identifiable noticeto be sent to consumers when personal information has beencompromised. The latest proposals were introduced as Congress heldhearings last week on the largest data breach of all, the potentialtheft of information from as many as 40 million consumer accountsfrom credit cards processor CardSystems Solutions. Credit unionsofficials criticized the company because it waited months to notifycredit unions of the data breach, delaying their ability to notifymembers of the possibiliy of fraudulent use of their accounts. Atop executive at CardSystems told lawmakers during the hearings hiscompany will go bankrupt if Visa and America Express follow throughwith threats to terminate their business with the Atlanta-basedprocessor based on the data breach and its aftermath.