Federal Legislative Update August 10, 2005

Data breach legislation

 

Senate Developments

 

Senate Commerce

 

The Senate Commerce Committee approved the Identity Theft Protection Act (S. 1408) on July 28, by voice vote.  It was amended by a substitute and several individual amendments.  These amendments eliminated a provision that would have granted state attorneys general authority over financial institutions covered by the Gramm-Leach-Bliley Act (GLBA), ensuring that bank regulators would have exclusive enforcement authority over banking entities.  The amendments also added language in the underlying text ensuring that banks would be subject only to GLBA security breach and notice rules, and not the new rules required for others under the Committee bill. 

 

 Click here to read S. 1408 as approved by the Senate Commerce Committee.

 

Senate Judiciary

 

As expected, the Senate Judiciary Committee did not mark up the Personal Data Privacy and Security Act (S. 1332) prior to the August recess.  In fact, the bill was placed directly on the Senate calendar, signaling that the Judiciary Committee will not mark up this legislation but instead will use it as a possible amendment to data breach legislation on the Senate floor.

 

Senate Banking

 

Senate Banking Committee Chairman Richard Shelby (R-AL) has made it clear that he intends to assert the Committee’s jurisdiction over this issue.  He introduced legislation (S. 1461) dealing with credit freezes on July 21, stating:

 

“My sole intent in introducing this legislation is to address a jurisdictional question that has recently arisen with respect to the Fair Credit Reporting Act.  I want to make sure that the referral precedent with respect to legislation that amends the Fair Credit Reporting Act, or touches upon the substance covered by that Act, is entirely clear.  I believe the Parliamentarian’s decision to refer this bill to the Senate Banking Committee establishes that there is no question in this regard and that this subject matter is definitively and singularly in the jurisdiction of the Senate Banking Committee.”

 

 

Senate Floor

 

Because of the involvement of multiple Committees, the Senate Republican leadership is well aware of the jurisdictional issues involved in bringing data breach legislation to the Senate floor, and must make some critical decisions before scheduling it.  Timing for action on data breach legislation is uncertain due to the crowded floor schedule in the Senate, including the pending Supreme Court nomination.

 

House Developments

 

House Financial Services

 

House Financial Services Committee staff are working during the August recess to meld two data security bills introduced last month:  H.R. 3375, by Reps. Deborah Pryce (R-OH), Mike Castle (R-DE), and Dennis Moore (D-KS); and H.R. 3374, by Reps. Steven LaTourette (R-OH) and Darlene Hooley (D-OR).  We anticipate that this will be a bipartisan effort and that it will be one of the major vehicles for data breach legislation in the House.  In addition, the Committee staff is likely to incorporate some provisions of a bill (H.R. 3140) introduced on June 30 by Committee Ranking Member Barney Frank (D-MA), and Reps. Melissa Bean (D-IL) and Artur Davis (D-AL).  H.R. 3140 would allow states to impose stricter security and notification requirements.

 

Energy and Commerce

 

The House Energy and Commerce Committee released a draft bill for comment on July 1.    A hearing was held on the draft on July 28, but the bill was not introduced prior to the August recess.  It is likely that the bill will be introduced in September and a markup is possible soon thereafter.

 

Other House Developments

 

The House Judiciary Committee, and perhaps the Ways and Means Committee, could also get involved in this issue, but as yet they have taken no action.  It is not clear at this point how or when the House Republican leadership intends to deal with data breach legislation.

 

Click here for the side-by-side comparison of the major House and Senate bills

 

Status of Legislation

--S. 1461, the Consumer Identity Protection and Security Act, was introduced by Senate Banking Committee Chairman Shelby on July 21.  The bill would establish procedures for consumers to place freezes on their credit reports, and was introduced with the “sole intent” to clarify that the Banking Committee has jurisdiction over any legislation that would amend the Fair Credit Reporting Act.  Click here to read the bill.

 

--S. 1408, the Identity Theft Protection Act, was introduced by Senate Commerce Committee Chairman Ted Stevens (R-AK), and Sens. Gordon Smith (R-OR) and Bill Nelson (D-FL) on July 14.  The Committee approved the legislation on July 28, by voice vote.

 

--S. 1332, the Personal Data Privacy and Security Act, was introduced by Senate Judiciary Committee Chairman Arlen Specter (R-PA) and Ranking Member Patrick Leahy (D-VT) on July 1.  The bill may be used as an amendment to other legislation on the Senate floor.  Click here to read the bill as introduced.

 

--S. 1326, the Notification of Risk to Personal Data Act, was introduced by Sen. Jeff Sessions (R-AL) on June 28.  Click here to read the bill.

 

--S. 751, also titled the Notification of Risk to Personal Data Act, was introduced by Sen. Dianne Feinstein (D-CA) on April 11.  Sens. Feinstein and Jon Kyl (R-AZ) are working on a revised version of the legislation that could be used as an amendment.  Click here for a draft revised version of the bill Click here for Sen. Feinstein’s press release, including a summary of the revised draft

 

--H.R. 3375, the Financial Data Security Act, was introduced by Reps. Pryce, Castle, and Moore on July 21.  Click here for Rep. Castle’s press release on the bill Click here for Rep. Pryce’s press release.

 

--H.R. 3374, the Consumer Notification and Financial Data Protection Act, was introduced by Reps. LaTourette and Hooley on July 21.  H.R. 3374 and H.R. 3375 are similar, although the latter would amend the Fair Credit Reporting Act, while the former is free-standing.  Click here for Rep. LaTourette’s press release.

 

--H.R. 3140, the Consumer Data Security and Notification Act, was introduced by Reps. Frank, Bean, and Davis, and 11 other Democratic Committee Members, on June 30.  The bill would allow states to impose stricter security and notification requirements.  Click here to read the bill Click here for Rep. Davis’ press release, including a summary of the bill.

 

--The House Energy and Commerce Committee is working on draft legislation, which could be introduced soon.

 

 

 

 

 
©1999-2007 New York Bankers Association. All rights reserved. The information presented here may not under any circumstances be resold or redistributed, by framing or similar means, without prior written permission from the New York Bankers Association. In addition, users of nyba.com should note the restrictions of providers of linked-to web sites on the information contained in those web sites, and to abide by all restrictions placed on that information by such providers.
home | about nyba | government relations | education & meetings | profit solutions | publications | resources | search | job bank
press room | consumer center | contact us | site map