Following Target Breach, Data Security Bills Ready In Senate

WASHINGTON — Following the recent security breach at Target Corp. that compromised more than 40 million debit and credit cards, two bills on data security have emerged in the Senate.

Sen. Patrick Leahy (D-Vt.), the chairman of the Senate Judiciary Committee, reintroduced a data privacy bill Wednesday and said on the Senate floor that the issue would be discussed in a committee hearing early this session.

Senate Homeland Security and Government Affairs Committee Chairman Sen. Tom Carper (D-Del.), also plans to reintroduce a measure to place retailers under some of the same data security requirements now followed by financial institutions.

Leahy's bill includes a provision to establish criminal penalties for willfully concealing a security breach of personal data when it causes economic damage to consumers.

In the wake of the Target breach, both NAFCU and CUNA, as well as a number of credit union executives, have been calling on Congress to create rules requiring greater payment data security from retailers.

Last month, NAFCU President and CEO Dan Berger urged passage of a series of measures, including:

• A requirement that merchants be accountable for costs of breaches on their end.
• A requirement that any business entity responsible for the storage of consumer data meet standards similar to the Gramm-Leach-Bliley Act requirements for credit unions and other financial institutions.
• A requirement that merchants post their data security policies at the point of sale if they take sensitive financial data.
• A requirement for the timely disclosure of the identities of breached companies and merchants.
• Measures to address violations of existing agreements and law on electronic retention of payment card information.
• Notification of the account servicer or owner of any compromised personally identifiable information associated with the account.
• A duty for any breached merchant or retailer to demonstrate all necessary precautions were taken to guard data.

CUNA President Bill Cheney has stated that the Target breach calls for greater security measures among retailers.
"This latest breach — while at this point reportedly smaller than the March 2007 TJX Cos. Inc. breach — once more raises the issue of the retailers' responsibility in securing information for card transactions at their stores," Cheney said. "Credit unions and other financials typically foot the bill for the breaches, in the form of issuing new cards and other security responses — as well as the reputational costs to member and customer trust in financial transactions using cards."

Sens. Al Franken (D-Minn.), Chuck Schumer (D-N.Y.) and Richard Blumenthal (D-Conn) are cosponsors of Leahy's bill.