The House Financial Services Committee voted this month, by a strong 46-9 margin, to advance the Data Security Act of 2015 (H.R. 2205), legislation introduced by Reps. Randy Neugebauer and John Carney. H.R. 2205, modelled on the Gramm-Leach-Bliley Act, would establish data security and breach notification standards for the financial and retail industries.
The proposed bill would create uniform data security and breach notification standards, pre-empting any related State laws, with enforcement to be provided by the Federal Trade Commission (FTC). The bill is modelled on the Gramm-Leach-Bliley Act, which requires financial institutions and companies that offer financial products to safeguard sensitive data, with specific guidance under its Safeguards Rule to protect that data. The proposed bill mirrors these standards, with the aim of avoiding a duplicative set of requirements that State requirements may impose upon financial institutions and retailers.
This bill is one attempt to provide industry-level uniformity for data security requirements. The financial and retail industries, like many others, face a complex regulatory environment with standards and enforcement from multiple governing bodies, both industry-wide and at the State level. One argument is that dealing with multiple compliance requirements could distract organizations from focusing on their specific risk requirements. There is no question that the potential fallout of a data breach is costly under the governance of multiple distinct bodies, not to mention class-action suits. It will be interesting to see whether this proposed bill will effectively supersede State requirements.
Learn how Absolute Software can help your organization navigate the choppy regulatory landscape and mitigate data security risks at Absolute.com.