The Credit Union National Association reports:
H.R. 2221, the Data Accountability and Trust Act, passed the House subcommittee on commerce, trade, and consumer protection by a voice vote during a Wednesday markup session.
The bill, which was introduced by House Subcommittee Chair Rep. Bobby Rush (D-Ill.), would require businesses to notify affected customers when outside parties gain access to sensitive information due to a security breach.
Although it supports the goal of granting greater information to consumers whose personal information has been compromised by security breaches, the Credit Union National Association (CUNA) on Wednesday asked legislators to alter some portions of the bill.
In a letter to ranking subcommittee members, CUNA said that while most businesses lack the contact information needed to alert their customers, financial institutions normally have the means to directly communicate with their account holders.
While any notification of data breach victims should be done by the financial institutions, the cost of this notification should be covered by the entity that compromised the data. Financial institutions should also be allowed to disclose the source of the information leak to their cardholders to avoid any harm that could be done to their reputation, CUNA added.