• Credit
• Data Breach
• Fraud
• Identity Theft
• Other News
• Privacy
• Reviews
• Scams
• Tips
• Truston

« Previous Post | Blog Home | Next Post »

Financial services industry on data security

Posted on Jul 10, 2006 by Tom Fragala

The AFSA, which respresent a big swath of the financial services industry, has weighed in with their thoughts on the data breach bills working their way through the U.S. House. Their goals with any legislation are, not surprisingly, vastly different than the most vocal consumer advocates. For example, the AFSA itself points out the battles going on over legislation in the house:

On May 24, the House committees on Financial Services and Energy and Commerce took turns marking up the other group's bill on data security. Both committees, as expected, struck the entirety of the other committee's bill, replacing it with their own. The mark-ups were a procedural move in what has become a skirmish over which committee has jurisdiction over the issue of data security.

AFSA favors the Financial Services Committee's bill, HR. 3997, The Financial Data Protection Act of 2005, as opposed to the Energy and Commerce bill, HR. 4127, The Data Accountability and Trust Act. On May 17, AFSA sent a letter to House Leadership outlining the organization's reasons for this support. The two committees are currently meeting to discuss possible compromises on their two very different bills.

In addition to these two bills, the House Committee on the Judiciary has also introduced and passed through committee H.R. 5318, Cyber-Security Enhancement and Consumer Data Protection Act of 2006. In short, this bill assigns criminal penalties to those who commit identity theft, as well as those companies that knowingly—with the intent to prevent, obstruct or impede a lawful investigation of such a breach—fail to provide notice of such a breach to the authorities.

And the AFSA makes very clear what the financial services industry (generally speaking) wants.

AFSA Federal Government Affairs is actively involved in communicating the principles a final bill must have to gain industry support. These include: 1) uniform national standard with a strong federal preemption; 2) no state attorney general enforcement; 3) the breach notification trigger currently in H.R. 3997; 4) enforcement and oversight by the current functional regulator; and 5) a reasonable credit freeze provision, that is, allowing only victims of identity theft "freeze" their active credit file.