Financial Update - Volume 19, Number 3 - New Bills Seek Tougher Data Security Standards
Vol. 19, No. 3, Third Quarter 2006
New Bills Seek Tougher Data Security Standards
Current data security laws
Data security requirements for financial institutions are set at the federal level by the Gramm-Leach-Bliley Act (GLBA) of 1999. GLBA's main focus is on broader financial regulatory issues, but sections of the law, together with the regulatory guidance issued under it, also address data security.
GLBA and the regulatory guidance require financial institutions to
- develop and implement internal, risk-based preventive and response mechanisms to address a data security breach;
- provide proper notice to law enforcement and regulatory authorities in the event of a breach; and
- provide adequate notice and assistance to customers whose information has been compromised.
GLBA leaves state legislatures room to enact more stringent data security laws. Many state legislatures, however, defer to the detailed federal regulatory guidance where financial institutions are concerned.
Given this reliance on federal guidance, state legislative agendas have shifted toward regulating other businesses and data brokers. Every state in the Sixth Federal Reserve District that has a data security law exempts financial institutions that comply with GLBA and its regulatory guidelines from the more stringent state requirements.
Pending federal legislation
As of July 2006, the bills that would introduce tougher data security standards remain under debate. Several of them are modeled on the provisions of GLBA, including Senate Bill 3568, introduced in late June 2006. With questions about the level of discretion given to individual institutions, private rights of action, and preemption of state laws still unresolved, GLBA remains the primary federal safeguard against identity theft.