Late last week, Congress introduced two new data privacy security bills. H.R. 580, “The Data Accountability and Trust Act (DATA), introduced by Representatives Bobby Rush (D-IL) and Joe Barton (R-TX), is substantially similar to a bill which has been introduced several times in previous Congresses. The DATA Act requires commercial entities that own or possess any personal information of consumers such as full names, social security numbers, ID and credit card information, to implement effective information security policies and procedures to safeguard that information. Additional provisions in the law would require these entities to notify individual consumers, as well as the Federal Trade Commission, following consumer data breaches and when personal information is accessed or acquired by unauthorized persons.
In the Senate, Bill Nelson (D-FL) introduced a similar bill, S. 177, “The Data Security and Breach Notification Act”. The Senate bill is also a re-introduction of a previous bill, which would contain many of the same requirements as the DATA measure.
NAR has submitted letters to the Senate Consumer Protection, Product Safety, Insurance and Data Security Subcommittee and the House Commerce, Manufacturing, and Trade Subcommittee which both held hearings on this issue. NAR’s letters expressed NAR's belief that any new federal data security law must be narrowly tailored to minimize the regulatory burden such a law could place on vulnerable independent contractors and small businesses that are just now beginning to experience a fragile economic recovery.