Lawmaker Calls for SAFE Data Law in Wake of GPN Breach

by Mercator Advisory Group

The data breach confirmed Friday by acquirer processor Global Payments has rekindled discussion about a stalled bill in the U.S. House of Representatives called the Secure and Fortify Electronic (SAFE) Data Act. Representative Mary Bono Mack, the bill’s sponsor, urged her fellow legislators to pass the bill, which would require firms to establish policies for data security and national notification in the event of a security breach.

“Consumers have a right to know when their personal information has been compromised, and companies and other organizations have an overriding responsibility to promptly alert them,” said the California Republican.

ISO & Agent spoke with Larry Blanchard, a lobbyist with the Credit Union National Association Mutual Group, who stated:

“We expect there will be a lot of amendments to the bills having to do with cyber security and data breaches.”

The latest cards breach, which may have exposed millions of Visa, MasterCard and Discover cards to hackers, has reignited hope among credit unions that their long fight for data security legislation could come to fruition.

Though legislative proposals that would have required immediate public notification and reimbursement by the breached parties have been dismissed in past Congresses, the hope is that pending cyber security bills aimed at protecting government and other important institutions from hackers will serve as a vehicle for the cards bills.

Movement on the data security issue, which attracts interest that ebbs and flows with the discovery of large-scale cards breaches, has been plagued by the interests of two powerful Washington lobbies on opposite sides of some of the issues–the credit unions and banks that issue cards and must plug the breaches, and the merchants who often are the victims of hackers.

The card issuers have fought for years for bills that would require the victims of hacking to notify the affected parties immediately–cardholders in most cases–and to pay the costs to resolve the hacking, such as card replacements and fraud restitution. But the merchants, who would be liable for the reimbursement costs and for the harm public notification would do to their reputation, have opposed such measures.
