Proposed Bill Would Establish Standards for National Data Security
The bill, introduced in the Senate on January 15, 2014 and cited as the Data Security Act of 2014, would require entities such as financial institutions, retailers, and federal agencies to better safeguard sensitive information, investigate security breaches, and notify consumers when there is a substantial risk of identity theft or account fraud. The new requirements would apply to businesses that take credit or debit card information, data brokers that compile private information, and government agencies that possess nonpublic personal information. According to Sen. Tom Carper (D-Del.) and Roy Blunt (R-Mo.), who introduced the bill, the Data Security Act of 2014 is modeled after the data security and breach-response regime established under the Gramm-Leach-Bliley Act of 1999 and subsequent regulations.