Corzine Data Bill Calls for C-Level Accountability, FCRA, GLB Extension, Civil Lawsuits

Senator Jon S. Corzine (D-NJ) became the latest congressman to announce legislation triggered by recent data compromises. During a Senate Committee on Banking, Housing and Urban Affairs hearing on compiled data and identity theft, Corzine announced that he would introduce his bill, the “Identity Theft Prevention and Victim Recovery Act,” next week.

The legislation calls for any company compiling consumer data to establish security systems that safeguard the sensitive personal information they collect or maintain on behalf of customers. Each firm’s chief compliance officer, or its CEO, would have to personally attest that the safeguards are in place – “just like in Sarbanes-Oxley,” Corzine noted -- and that the firm has an ongoing system of monitoring its compliance with federal guidelines.

Consumers injured by violation of the bill’s provisions would be able to bring civil suits to recover damages, and state attorneys general would be permitted to bring civil actions on behalf of state residents wronged.

Under the proposed legislation, the Federal Trade Commission would be asked to prescribe rules requiring that third-party information service providers implement security systems. The FTC would be empowered to oversee their implementation. It also calls for the FTC to investigate extending provisions of the Gramm-Leach-Bliley Act, Fair Credit Reporting Act and other consumer information and privacy statutes to cover data aggregators and information service providers.

The bill also calls for any consumers whose information has been compromised to be notified promptly, but does include a provision for a notification delay if such action would compromise law enforcement activities.

Corzine’s bill is similar to legislation he introduced during the Senate Committee on Banking, Housing and Urban Affairs’ previous consideration of the Fair Credit Reporting Act reauthorization bill. That legislation was ultimately dropped due to opposition from federal regulators, including the Office of the Comptroller of the Currency, and the Federal Reserve, as well as the financial services industry, according to a statement from Corzine.