Washington – Language in a new House bill setting federal rules for companies' consumer data security would leave state regulators in charge of enforcing adherence in the case of insurance companies.

Under the 1945 McCarran-Ferguson Act, regulation of insurers is left to the states.

The data security legislation introduced with bipartisan support last week would safeguard sensitive consumer information, fight identity theft, and create a uniform standard for notifying consumers of data breaches. It would bar states from setting their own data security regulations.

The National Association of Mutual Insurance Companies said it would support the bill, which it called "a reasonable attempt to address consumers' concerns about identity theft in a way that reflects the practicality of business operations."

Data security is becoming a priority in Congress, especially since the records of several credit card processing companies were breached this summer.

The bill, titled the "Financial Data Protection Act of 2005," would prevent data breaches by mandating a strong national standard for the protection of sensitive consumer information.

It would require institutions to notify consumers when their information has been compromised and could be used by identity thieves, and also require institutions to provide consumers with a free six-month nationwide credit monitoring service upon notification of a breach.

David Winston, NAMIC senior vice president for federal affairs, said the bill is supportable because it requires notice to consumers only if it is determined that the breached information "is reasonably likely to be misused."

"This is an important qualifier because there are many breaches that do not present such a risk and requiring disclosure of all breaches would overwhelm businesses and likely produce such frequent consumer notices that consumers would just throw them away," Mr. Winston said.

Other provisions that make the bill supportable for small insurers include the mandate that it will be enforced by the specific agency that functions as the institution's regulator. "In the case of insurers, this would mean the regulator in the state of domiciliary," Mr. Winston said.

He commented, "This is very important as the enforcer could have been the Treasury Department or the Federal Trade Commission."

The bill also provides a safe harbor from lawsuits if reasonable policies and procedures are in place and mitigation services such as credit monitoring are provided, he said.

Under the bill, a breached organization would be required to provide consumers, free of charge, a service that monitors consumer credit files so they will be informed if attempts are made to open a new line of credit in their name.

The bill was introduced by several members of the House Financial Services Committee, including Reps. Steve LaTourette, R-Ohio, Darlene Hooley, D-Ore., Michael Castle, R-Del., Dennis Moore, D-Kan., and Deborah Pryce, R-Ohio, chairman of the committee's Domestic and International Monetary Policy Subcommittee.
