Data Security Legislation Caught Up in Politics

WASHINGTON — Neither the House Financial Services Committee nor the Energy & Commerce Committee were willing to budge on their differing versions of data security legislation so the notion is likely dead for the year. Despite hard-core lobbying from the financial services sector in favor of the Financial Services bill, the Financial Data Protection Act (H.R. 3997), which contained a carve out for institutions under Gramm-Leach-Bliley, the two committees were unable to work out their differences. The Energy & Commerce bill, the Data Accountability and Trust Act (H.R. 4127), would have made the Federal Trade Commission a super-regulator over credit unions and others regarding data security with enforcement powers given to the states’ attorneys general. The issue became a hot topic after a number of highly publicized data breaches at various retailers. Banks and credit unions were hoping to get some sort of reimbursement provision for replacing potentially breached credit and debit cards. The two committees would have had to draw strict jurisdictional lines on the matter, possibly even putting out a financial services specific bill plus a more general one, but no one was willing to stake out their precise territory. CUNA Vice President for Legislative Affairs Dean Sagar said of Congress last week, “The only definite news is it looks like the data security bill is dead for the year.” The House adjourned for the August recess on Saturday, July 29, without an agreement on how to proceed. NAFCU Associate Director of Legislative Affairs Debbie Kwon-Moore said she had “heard rumblings” prior to the House adjournment to create a financial services-specific bill, but that never came to fruition because of objections from E&C Chairman Joe Barton (R-Texas). “So I think the leadership said nobody gets it,” she explained. Barton can wait out Financial Services Committee Chairman Mike Oxley (R-Ohio), who has announced his retirement at the end of this Congress. Kwon-Moore added, “The Senate may have a hearing in September but that’s a big ‘may.’” The bill currently in the Senate Banking Committee, S. 3568, the Data Security Act of 2006, includes a GLBA carve out and no credit freeze. “There are so few legislative days left, so it’s quite possible the Congress could end with no data security bill…but we’re still hopeful,” she said. NAFCU has formed a loose coalition with the banking trades to try to push a financial services-favorable bill through.