Data Security Legislation Caught in Jurisdictional Logjam
WASHINGTON -- Legislation backed by the financial services industry that could potentially name the source of data security breaches and require reimbursement by retailers where the breaches occurred is stalled.
"At the Fed level, data security is still at several committees. They have not broken the jurisdictional logjam that they'd hoped to," CUNA Lobbyist John Magill said. According to Magill, House Financial Services Committee Chairman Barney Frank (D-Mass.) wanted to convene a small group of the legislators involved to agree on principles in common "but that was unsuccessful as I understand it," Magill explained. "[House Energy & Commerce Committee Chairman John] Dingell (D-Mich.) decided he was going to go his own way."
He added, "To my understanding, it's still in bits and pieces out there. I won't say it's on the back burner, but it's certainly not on the front burner in terms of moving a single piece of legislation."
Some states are still working on the issue like Texas, California, and Massachusetts but Minnesota last week had its bill signed into law that will provide reimbursement for credit card issuers for expenses related to security breaches. CUNA Vice President of State Governmental Affairs Chris Johnson called the Minnesota bill's provision prohibiting retailers from holding information beyond 48 hours of the transaction and "unusual but rather brave stance." He added that jurisdictional questions remain there that he expects to be sorted out in the courts.