
House Bill H.R. 2205

Is There a Need For a National Standard to Report Breaches of Personal Information?

Argument in favor

Account holders should be informed about potential breaches of their personal information as quickly as possible, and this bill would create a federal standard to ensure that happens.

Steven's Opinion
04/09/2016
My right to protect my identity comes before some companies' "reputation" or devaluation of their stock.
Like (13)
Alis's Opinion
04/07/2016
It has appeared that companies are often so busy avoiding bad press that they do not report breaches in a timely manner. A federal standard would put them on an equal playing field with other businesses. And better protect consumers!
Like (7)
AndrewGVN's Opinion
12/10/2015
This bill provides the consumer with more information about what is truly going on with the finances, and it protects consumers, no reason why to not pass this bill.
Like (5)

Argument opposed

Businesses and government entities that have access to people’s sensitive personal information can be expected to notify those who may be affected by a data breach without a federal standard.

Den's Opinion
09/07/2016
It needs to include the government. They need to stop exempting themselves from what the peasants have to do.
Like (1)
Eric's Opinion
06/14/2016
The government does not need to get involved here
Like (1)
Carol's Opinion
05/01/2016
Keep government nose out of everyone's lives. Private industry always does it better!
Like (1)

Bill Progress


  • Not enacted
    The President has not signed this bill
  • The Senate has not voted
  • The House has not voted
      House Committees
      Committee on Financial Services
      Committee on Energy and Commerce
      Consumer Protection and Commerce
    Introduced May 1st, 2015

What is House Bill H.R. 2205?

This bill would require individuals, corporations, or other non-government entities that access or handle sensitive financial account information and nonpublic personal information to implement an information security program. Those people and organizations would also be required to notify consumers, federal law enforcement, relevant administrative agencies, payment card networks and consumer reporting agencies about data breaches that could lead to identity theft or fraud.

Covered entities would be directed to require their third-party service providers by contract to put in place appropriate safeguards for sensitive information. Entities would be allowed to delay sending out notifications about a data breach if a law enforcement agency requests a delay.

Financial institutions would be allowed to communicate with account holders regarding breaches at third-party entities that have clients' account information. The bill would establish special notification procedures for breaches at third-party entities and electronic data carriers. Alternative compliance procedures would be put in place for financial institutions covered by the Gramm-Leach-Bliley Act and entities complying with health record privacy laws.

Among the entities tasked with enforcing this legislation would be the following:

  • Federal Trade Commission (FTC);

  • Comptroller of the Currency;

  • Federal Reserve System;

  • Federal Deposit Insurance Corporation (FDIC);

  • National Credit Union Administration Board;

  • Securities and Exchange Commission (SEC);

  • Commodity Futures Trading Commission (CFTC);

  • The Office of Federal Housing Enterprise Oversight;

  • State insurance authorities in certain circumstances.

This legislation would also prohibit state laws from being imposed for information security and breach notification purposes.

Impact

Any individual or entity that handles sensitive personal information — especially banks and health care providers; and federal and state agencies responsible for enforcing this legislation.

Cost of House Bill H.R. 2205

A CBO cost estimate is unavailable.

More Information

In-Depth: Sponsoring Rep. Randy Neugebauer (R-TX) introduced this bill to ensure that consumers are promptly alerted about data breaches at entities that store sensitive personal information:

“This legislation was crafted with three guiding principles. First, any national standard must be technology neutral and process specific. This helps ensure the private sector can continue to innovate. Second, we need everyone at the table — all participants in the payment system must equally share in the efforts to protect consumer financial data. As we have learned from too many previous breaches, the system is only as strong as the weakest link. Finally, the standards we establish are scalable and well-tailored to avoid unnecessary burdens on small businesses. It is imperative that any standard take into consideration the size, scope, and type of financial information businesses hold.”

This legislation was passed by the House Financial Services Committee on a vote of 46-9, and it enjoys the bipartisan support of 36 House cosponsors, including 21 Republicans and 15 Democrats.



Summary by Eric Revell
(Photo Credit: Flickr user bogenfreund)

AKA

Data Security Act of 2015

Official Title

To protect financial information relating to consumers, to require notice of security breaches, and for other purposes.

    As protecting one's personal information becomes more difficult, we all deserve the right to know if our information has been breached. A national standard would set a precedent and keep unscrupulous companies from hiding breaches.
    Like (4)
    It is important to promptly notify affected people about data breaches. However, the bill should be amended to include all non-business holders of personal data, including governments at all levels and NGOs, and not-for-profit entities.
    Like (4)
    Although I say this is a good idea, I would say that the private citizen should recognize that your privacy is already gone. It's my opinion that both government and corporate entities already into private information. Protection from violation is an illusion. The thought of privacy is nice though.
    Like (2)
    The longer a person is kept in the dark about a data breach the more time thieves have to exploit that information. A quick example is if your SSN, DOB, etc. was released multiple credit cards could be opened up in your name and maxed out without your knowledge. This can be averted by freezing your credit report, changing key information on all your major accounts, and generally avert the worst case scenarios, but only if notified in a timely manner. Majority of people only check their credit report once a year and that's plenty of time to ruin someone financially.
    Like (2)
    Companies have the responsibility to protect their users. If they fail in any way to do that they should be required to disclose their failure so people can take steps to protect their assets and identity.
    Like (2)
    Just another federal power grab.
    Like (1)
    Corporations are not famous for their altruism. In fact whenever they do a fundraiser or donation, in the end it is always an act in order to benefit the company and more so the shareholders. The government has a duty to insert the safety of its citizens. Today identity theft and theft is one of the scariest situations one can face. Perhaps some corporations will inform their customers that their identity and information has been breached, however I feel that they will avoid informing their customers as much as possible in order to ensure that their reputation remains in good standing. Having a day to preach is certainly not a positive for any company or organization. While this includes The United States, United States still has to deal with the situation and up approach it with as much security and have the willingness to not only be defensive but to go on the offense of to defend our nation's information, consumer and corporate.
    Like (1)
    Corporations cannot be trusted to inform people of data breaches if it could impact their reputation and thus their bottom line. They will cover up instead. No reason to trust them at all.
    Like (1)
    If companies wish to stay in business, they will self monitor. Keep the government out of it.
    Like (1)
    Businesses and organizations are generally as likely to bury the breach than report it. Often a couple days go by before a breach is announced as the organization investigates the extent of the breach, drafts their careful and semi-accurate statements for the press and their customers and ultimately does little to plug the dam against future breaches. We must hold organizations fiscally responsible for financial problems arising from sensitive data breaches as well as requiring follow up on what actions are ultimately taken to resolve the issue. We must also understand that not all breaches are caused by the reporting organization being lazy. Often technical vulnerabilities, especially in larger size organizations take significant effort and time to remedy. Patching your home computer of vulnerabilities takes time. Multiply that by the number of systems deployed by an organization, regardless of size, and triple that time for server systems.
    Like (1)
    Non government entities only? I don't feel I need protection from corporations, I feel I need protection from my government.
    Like (1)
    Considering the past performances of some companies that have taken their time to report breaches. Yes.
    Like (1)
    Absolutely not if it excludes the govt. They have more breaches than the private sector, for one, but more importantly- NO law should be enacted that doesn't require the govt to meet the same standards. Secondly, there are already rules in place that require notifications. We don't need another law that will require a team of lawyers to understand. If there is criminal negligence- only then should any level of govt get involved.
    Like (1)
    Don't mess with the private sector, who does a much better job of security than you anyhow.
    Like (1)
    Too much government. Congress needs to cut waste and stop all the spending.
    Like (1)