October 5, 2005 9:54 AM PDT
Another data security bill in the works
- Related Stories
Data-security bill may move forward next weekSeptember 30, 2005
Visa delays plan to cut ties with CardSystemsSeptember 29, 2005
Putting the squeeze on credit card fraudSeptember 9, 2005
Senators propose sweeping data-security billJune 29, 2005
Credit card breach exposes 40 million accountsJune 17, 2005
Making the wrong move against spywareMay 2, 2005
LexisNexis flap draws outcry from CongressApril 12, 2005
Rep. Mike Castle, a Delaware Republican, said at a Visa cardholder security conference here that he plans to introduce "in the next couple of days" a revised version of the bill that he has been working on since February with the U.S. House of Representatives financial-services subcommittee.
Castle said he expected to hold a hearing on the bill by the end of the month. "After that, it's anybody's guess," he said.
The measure would join a medley of proposals pending in the U.S. Senate, including one introduced by two Senate Committee on the Judiciary leaders that could go to a vote as soon as Thursday. A series of high-profile breaches this year has prompted the sharp congressional interest.
Castle said his legislation would require that all businesses handling sensitive information such as Social Security, driver's license or credit card numbers in combination with personal data such as names and addresses must "secure" that data. This requirement echoes those that many state governments have enacted.
The measure would also require "prompt investigation of breaches," in which sensitive data may have been compromised, and companies would have to "notify business partners, law enforcement and functional regulators right away," Castle said. Businesses that experience breaches would also be required to offer free credit-monitoring services at their expense.
"This data is valuable to you and to consumers," the Delaware congressman told the audience, which included representatives from the banking, retail, government, law enforcement and high-tech industries. "Treat it with care, and safeguard it from abuse or misuse."
Visa CEO John Philip Coghlan, speaking after Castle, backed the idea of federal legislation that would establish national rules and eradicate the "patchwork quilt" of state laws governing data protection standards and breach notification to consumers.
Coghlan, whose company found some of its cardholders affected by a wide-ranging breach in June, said existing rules should be broadened to cover not just financial companies but all entities that use sensitive personal information. He threw his support behind the heightening of criminal penalties for identity theft, proposed in a sweeping bill advanced by Sen. Arlen Specter and Sen. Patrick Leahy.
"Our rules are not enough, our procedures are not enough, and our protections are not enough," he said. "All of the technology in the world just isn't going to be good enough."
2 commentsJoin the conversation! Add your comment