On January 15, 2014, Sens. Tom Carper (D-Del.) and Roy Blunt (R-Mo.) introduced legislation to improve safeguards for consumer information. The Data Security Act would require companies that accept credit or debit card payments to have policies and procedures in place to protect consumer data from hackers and to act on breaches. According to the bill, as introduced, businesses would have to investigate breaches and secure the data targeted by hackers. In addition, companies would have to inform their customers as well as federal authorities of any breaches. If a breach involves at least 5,000 customers, the Act requires businesses to notify credit reporting agencies.
The Data Security Act follows closely on the heels of legislation introduced last week by Sen. Patrick Leahy (D-Vt.), the Senate Judiciary Committee’s chairman, titled the Personal Data Privacy and Security Act. Meanwhile, the House Commerce, Manufacturing and Trade Subcommittee of the Energy and Commerce Committee intends to hold a hearing in the first week of February on the recent retail store breaches.