Financial Industry Pushing Measure to Give Retailers New Data-Security Duties

WASHINGTON — Retailers and government agencies would have new responsibilities for protecting customer information under a bipartisan amendment to Senate cyber-security legislation.

The amendment, introduced Tuesday by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., quickly drew support from the National Association of Federal Credit Unions, which noted that financial institutions have been subject to national data security standards for more than a decade.

"However, retailers and many other entities that handle sensitive personal financial data are not subject to the same standards, and all too often their customers become victims of data breaches and data theft due to their lack of security," the credit union trade group said in a statement.

For banks and other financial institutions, the amendment could relieve some of the data-security burden that they currently bear.

Carper and Blunt said in a statement that the new requirements would apply to retailers, data brokers that compile private information and federal agencies that have such data. Currently, such entities are subject to various data security requirements at the state level, but those standards often conflict with each other, according to the two senators.

Under their amendment, businesses and government agencies would be required to investigate data breaches and determine whether the information will likely be misused. Depending on what they find, the business or government agency would be required to notify appropriate authorities.

The amendment could be voted on this week as the Senate considers a cyber-security bill.

For reprint and licensing requests for this article, click here.
Law and regulation
MORE FROM AMERICAN BANKER