Digital Transactions Authoritative, insightful and timely information for payments professionals
The U.S. House of Representatives’ Financial Services Committee on Tuesday afternoon was scheduled to consider a data-security bill that is drawing fire from merchant trade groups and consumer advocates, but which has the support of the American Bankers Association.
H.R. 2205, the Data Security Act of 2015, was introduced last May but hasn’t seen much action in the Financial Services Committee until today, when it was scheduled for a mark up.
Congress has considered a number of data-security bills in recent years as payment card data breaches at retailers and processors made headlines, as well as data compromises at health-care facilities, schools, and other organizations. But conflicting views about privacy, what would be required of companies that handle sensitive personal information, the hot debate over superseding state data-protection measures and notification laws with uniform federal standards, and related issues have prevented Congress from taking decisive action on the issue.
Some 13 merchant groups, including the National Retail Federation, the Retail Industry Leaders Association (RILA), NACS (the National Association of Convenience Stores) and the National Grocers Association, sent a letter to the panel today expressing their “strong opposition” to H.R. 2205.
Drawing heavy fire from the merchants is a provision that they say would require anyone who touches sensitive account information, including a debit or credit card, to first pass a criminal background check. The retailers say the provision arises from the bill’s attempt to apply financial-industry safeguards from the Gramm-Leach-Bliley Act, which Congress passed in 1999, to non-banking entities regulated by the Federal Trade Commission.
“This would subject tens of millions of front-line employees, such as retail employees working at cash registers, waiters and waitresses at restaurants, and even taxicab drivers, to pass criminal background checks,” Jennifer Safavian, executive vice president for government affairs at Arlington, Va.-based RILA, said in a statement. “Haphazardly slapping rules that were written 15 years ago for the financial industry on retailers, restaurants, and thousands of small businesses is not the kind of data-security legislation that will safeguard our economy. This is red tape masquerading as security.”
Retailers also object to enforcement provisions in the bill and say it could open them up to more lawsuits.
Meanwhile, 17 consumer and public-interest groups also voiced their opposition to the bill, saying it would provide weaker protection of personal data than the current state laws.
“Unless and until the House can improve this bill to offer consumers something new, rather than just retreading old ground and prohibiting states from acting to protect their citizens, we urge you to oppose the Data Security Act of 2015,” a letter from the groups to the committee leadership says.
The groups include the Consumer Federation of America, U.S. Public Interest Research Group, and Privacy Rights Clearinghouse.
The American Bankers Association, however, said in a letter that H.R. 2205 would establish a common security standard that would replace what it calls the current patchwork of state laws and federal regulations.
“This comprehensive approach would better serve consumers by making it easier for businesses and government agencies to take the steps necessary to adequately protect all Americans from identity theft and account fraud,” the Washington, D.C.-based ABA said.
In a mark up, a bill is debated, amended, re-written, or sent to the full House for consideration. The Financial Services Committee, which also was considering six other bills and a resolution on terrorism financing Tuesday, was still in session at Digital Transactions News’s deadline.
Editor's Note: The House Financial Services Committee approved H.R. 2205 Dec. 9 on a 46-9 vote.
