Washington–The House Financial Services Committee approved legislation establishing a national standard for customer data security yesterday with modifications designed to make it more palatable for insurers.

But the bill still faces an unclear path to passage this year because of consumer concerns voiced by Democrats about the precise rights individuals have to protect themselves when a data security breach occurs.

Reacting to the House action, Dennis Kelly, a spokesman with the American Insurance Association, said today, “Insurers are already subject to data security standards that we have to comply with under Gramm-Leach-Bliley.

“We want a uniform national standard that allows insurers to notify policyholders as quickly as possible, which means any national standard should allow a wide range of means of notification, including phone, e-mail and regular mail.”

The bill passed the House panel, 48-17, after more than 24 hours of maneuvering to win support for changes in the original legislation acceptable to property-casualty insurers.

The p-c industry's concerns deal with how much power a consumer would have to bar insurers from using their credit scoring data to set rates on a personal lines product after a data breach.

The industry's concern was that the original bill set a low standard for triggering investigations and other steps required after a data breach.

Various Senate committees have jurisdiction over the issue, and none has acted on similar legislation so far this year. The Senate Banking Committee, whose legislation is likely to set the standard for Senate action, has promised to deal with the issue this spring, but no timetable for action has been set.

The bill in the House Financial Services Committee, which follows a string of high-profile data loss cases reported by banks and credit card issuers, lays out requirements for companies to investigate and notify customers, law enforcement and credit-reporting agencies when there is a breach.

The p-c industry was also successful in securing language more to their liking concerning what should trigger notification procedures and other safeguards for consumers.

The industry was also successful in defeating attempts to provide state attorneys general with enforcement authority, weaken the measure's ability to preempt state statutes protecting consumers, and remove any preemption of state law applicable to credit freezes.

Special Reports /

Insurers Win Points In Data Security Bill

Related Stories

Recommended For You