Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Senators Consider Gramm-Leach-Bliley as Breach Law Base
Monday, February 9, 2015 6:35 AM

Credit Union National Association reports that in a Senate subcommittee hearing last Thursday, members discussed the potential of using security specifications in the Gramm-Leach-Bliley Act (GLBA) as a model for building a national data security standard.

The GLBA contains language that allows it to preempt existing state laws to create a more uniform security standard, which CUNA and members of Congress have said needs to be an integral part of data breach legislation.

The chair for the Senate subcommittee on consumer protection, product safety, insurance, and data security, Sen. Jerry Moran (R-KS), said the need for federal action in the face of increasing data breaches becomes clearer each day.

"While Congress has developed sector-specific data security requirements for both financial institutions and companies that handle particular types of health information, Congress has been unable to reach consensus on the development of a national data security and data breach notification standard," Moran said.

"As a result, states have taken on this task by developing their own standards, and as of today, businesses are subjected to a patchwork of over 50 different state, district and territory laws that determine how businesses must notify consumers in the event of a breach.

"I think Gramm-Leach-Bliley offers a potential model here," said Sen. Richard Blumenthal (D-CT), the subcommittee's ranking member. He added that the preemption aspect of the law might prove to be common ground upon which to build data breach legislation.

In addition to federal security and notification standards, CUNA is pushing for parties who are breached to bear the costs resulting from the data breaches. According to CUNA surveys last year, data breaches at Home Depot and Target alone cost credit unions more than $90 million.