The House Financial Services Committee plans to act Wednesday on a bill that could establish a national data security standard.
The Senate Banking Committee and several other committees are working on their own data security bills.
The House bill, H.B. 3997, was introduced in October 2005. It would bar states from imposing their own security standards, but it would require state insurance regulators to enforce insurance company compliance with the standards.
Supporters of continued state regulation of insurers fought for a state role in enforcement.
Some players in the insurance industry would have preferred to have the Treasury Department or the Federal Trade Commission oversee insurance industry compliance.
H.B. 3997 would set standards for protecting sensitive consumer information, preventing and responding to identity theft, and notifying consumers of data breaches.
The bill would require institutions to provide consumers with a free 6-month nationwide credit monitoring service upon notification of a breach.
The bill would provide a safe harbor from lawsuits for companies that adopt reasonable policies and offer mitigation services, such as credit monitoring.
The lead sponsor of H.B. 3997 is Rep. Steve LaTourette, R-Ohio.
The National Association of Mutual Insurance Companies, Indianapolis, can support H.B. 3997 because it requires notice to consumers only if it is determined that the breached information is reasonably likely to be misused, according to David Winston, NAMIC senior vice president for federal affairs.
“This is an important qualifier, because there are many breaches that do not present such a risk, and requiring disclosure of all breaches would overwhelm businesses and likely produce such frequent consumer notices that consumers would just throw them away,” Winston said.