Washington–The House Financial Services Committee is scheduled to act Wednesday on legislation establishing a national standard on data security.
Several Senate committees are also working on similar legislation. The Senate Banking Committee, among other panels, is drafting a bill, but it is unclear when the measure will be unveiled and acted on in that committee.
The House legislation was introduced last October. It would bar states from imposing their own standards, but would at the same time mandate that state regulators enforce the standards as they relate to insurance companies.
That issue is critical to supporters of continued state regulation of insurers, and was accepted by the committee leadership despite efforts from some corners of the industry to have the Treasury Department or the Federal Trade Commission oversee insurance industry compliance with the law.
The bill, introduced with bipartisan support, would safeguard sensitive consumer information, fight identity theft, and create a uniform standard for notifying consumers of data breaches.
The panel notified congressional staff and industry lobbyists late Friday of its plans to include the bill with several others it will act on Wednesday.
When it was introduced last October, the National Association of Mutual Insurance Companies said it would support the bill, which it called “a reasonable attempt to address consumers' concerns about identity theft in a way that reflects the practicality of business operations.”
Data security is becoming a priority in Congress, especially since the records of several credit card processing companies were breached this summer.
The bill aims to prevent such incursions by mandating a strong national standard for the protection of sensitive consumer information.
It would require institutions to notify consumers when their information has been compromised and could be used by identity thieves. Institutions would be required to provide consumers with a free six-month nationwide credit monitoring service upon notification of a breach.
David Winston, NAMIC senior vice president for federal affairs, said the bill is supportable because it requires notice to consumers only if it is determined that the breached information is “reasonably likely to be misused.”
“This is an important qualifier because there are many breaches that do not present such a risk and requiring disclosure of all breaches would overwhelm businesses and likely produce such frequent consumer notices that consumers would just throw them away,” Mr. Winston said.
Other provisions that make the bill supportable for small insurers, Mr. Winston said, include a mandate that its provisions will be enforced by an institution's functional regulator.
“In the case of insurers, this would mean the regulator in the state of domiciliary,” he explained, adding, “This is very important as the enforcer could have been the Treasury Department or the Federal Trade Commission.”
The bill also provides a safe harbor from lawsuits if reasonable policies and procedures are in place and mitigation services such as credit monitoring are provided, he said.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
