Banking Blog

Citi breach spurs new legislation

By Claes Bell, CFA · Bankrate.com
Thursday, June 30, 2011
Posted: 11 am ET

Since I last reported on the Citigroup data breach, the bank has admitted that the number of customers affected was around 360,000, about 80 percent more than they originally reported. These types of revelations are now pretty commonplace after data breaches, as firms burned by hackers often prioritize damage control over truthful disclosure.

Of course, the problem with that approach is that customers whose data have been snatched by hackers often aren't informed until weeks or months after the fact, which may put them at greater risk of identity theft. While a lot of states have laws on the books forcing financial institutions to report data breaches to consumers in a timely manner, the differences between state laws have created a difficult-to-comply-with patchwork of laws. As of right now, we don't yet have a similar national law in place to address situations like the Citi breach.

A couple of bills winding their way through Congress seek to change that. In the House of Representatives, Rep. Mary Bono Mack (R-Calif.) has introduced the Secure and Fortify Electronic Data Act, or SAFE Data Act, and in the Senate, Sen. Patrick Leahy (D-Vt.) has reintroduced The Data Security and Breach Notification Act of 2011.

Both bills would require institutions to adopt a minimum level of security and to inform law enforcement and customers about data breaches in a timely manner. Both also call for fines and other sanctions against firms that fail to comply.

What do you think? Should government be keeping a closer eye on how banks and other institutions manage our financial information?
