Data Breach Insurance Act Coming Soon, Perlmutter Says
Rep. Ed Perlmutter, D-Colo., vowed he'll bow his Data Breach Insurance Act via the House Financial Services Committee to encourage financial services institutions to fortify themselves against data breaches, saying the bill is in line with the White House’s policy of encouraging critical infrastructure sectors to voluntarily improve their cybersecurity. Perlmutter and the co-founders of the Senate Payments Innovation Caucus emphasized the importance of government collaboration with the private sector on payment security issues during a joint Visa-The Hill event Thursday.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The Data Breach Insurance Act would allow an entity to get a tax credit from the federal government for demonstrable improvements to the entity’s cybersecurity practices. The credit would be applied toward data breach insurance premiums, Perlmutter said. The bill essentially would allow entities to begin “insuring for a data breach,” he said. Perlmutter said he believes the bill will get bipartisan support, saying responding to the growing data breach threat isn’t an issue on which there’s a “Democratic-Republican chasm.” He pointed to President Barack Obama’s signing of his 2013 cybersecurity executive order as a recent effort to encourage voluntary improvements to industry cybersecurity. That order eventually led to the creation of the National Institute of Standards and Technology’s industry-led Cybersecurity Framework.
Perlmutter expressed more skepticism over the Data Security Act (HR-2205) from House Financial Institutions and Consumer Credit Subcommittee Chairman Randy Neugebauer, R-Texas, and Rep. John Carney, D-Del., calling the bill “a little too prescriptive for me.” HR-2205 would establish a national data security and breach notification standard for financial institutions and retailers, essentially expanding security requirements under the 1999 Gramm-Leach-Bliley Act. Perlmutter said his Data Breach Insurance Act emphasizes his preference for providing incentives for voluntary cybersecurity improvements over additional regulation.
Sens. Gary Peters, D-Mich., and Mike Rounds, R-S.D., two of the co-founders of the Senate Payments Innovation Caucus, said they believe collaboration with industry stakeholders is key to any government involvement in addressing data breach issues. “What we’ve got to is find common ground” with the private sector on what regulations would allow industry to “stay ahead” of major data breaches, Rounds said. The government’s most effective role in addressing data breaches “may be to coordinate, bring folks together,” Peters said, saying industry stakeholders have told him they want a forum for talking with the Department of Homeland Security, FBI and the military about effective security updates. The government “should also be setting some goals for what we need to achieve” on data breach issues, Peters said.
Peters, Perlmutter and Rounds all said they believe there’s a good chance that Congress can reach agreement on a conference cybersecurity information sharing bill, though Rounds emphasized the need for a final bill to be flexible enough to allow the private sector to “stay ahead of the bad guys.” Congress is in the early stages of conferencing the Senate-passed Cybersecurity Information Sharing Act (S-754) and the House-passed Protecting Cyber Networks Act (HR-1560). “There’s a building consensus about the need for collaboration,” though the key will be in effectively balancing improvements to the cybersecurity information sharing apparatus against protecting privacy and civil liberties, Perlmutter said.
National Security Council Cyber Directorate Director-Critical Infrastructure and Information Sharing Ben Flatgard also expressed optimism about information sharing legislation, saying it “gets us a long way by applying targeted liability protections.” Information sharing generally “emphasizes the need for public-private partnerships,” he said. The financial services industry has been heavily involved in information sharing with the government, particularly via the Financial Services Information Sharing and Analysis Center, said Electronic Transactions Association CEO Jason Oxman.
The financial services industry is optimistic about its progress with deploying the new microchip-enabled EuroPay, MasterCard, Visa (EMV) credit cards, Oxman said. The industry has deployed hundreds of millions of new EMV cards since its Oct. 1 soft deadline for retailers to begin accepting the new cards in order to avoid being held liable for any credit card fraud, Oxman said. Convenience stores and other retailers that are the most susceptible to fraud have been the quickest to adopt EMV card readers, but other retailers are likely to adopt the readers within the next year, Oxman said.