Financial Update - Volume 19, Number 3 - New Bills Seek Tougher Data Security Standards

Financial Update
Vol. 19, No. 3,
Third Quarter 2006



New Bills Seek Tougher Data Security Standards

In response to the growing problem of identity theft, federal legislators have introduced several bills to toughen current data security laws and consumer protections. Various congressional committees, including Financial Services and Commerce, have proposed and debated several data security bills since 2005. Additional bills were introduced in June 2006 in response to a growing number of data security breaches.

Current data security laws
Current data security procedures for financial institutions are addressed at the federal level by the Gramm-Leach-Bliley Act (GLBA) of 1999. GLBA's main focus is on broader financial regulatory issues, but sections of the law also address important data security and regulatory guidance.

GLBA and the regulatory guidance require financial institutions to

develop and implement internal risk-based preventative and response mechanisms to address a data security breach;
provide proper notice to law enforcement and regulatory authorities in the event of a breach; and
provide adequate customer notice and assistance to those whose information has been compromised.

GLBA gives state legislatures room to dictate more stringent data security laws. Many state legislatures, however, defer to the detailed federal regulatory guidance to cover financial institutions.

Given this reliance on federal guidance, state legislative agendas have moved their focus toward regulating other businesses and data brokers. The states in the Sixth Federal Reserve District that have data security laws all have provisions exempting financial institutions that are compliant with GLBA and its regulatory guidelines from more stringent state laws.

Pending federal legislation
As of July 2006, the bills introducing tougher data security standards are seeing continued debate. Several of the bills under discussion are modeled after the provisions of GLBA, including Senate Bill 3568, which was proposed in late June 2006. As issues regarding the level of discretion given to individual institutions, private rights of action, and preemption of state laws are still being debated, GLBA remains the primary federal shield against identity theft.