(Washington, DC)  --  U.S. Reps. Steven C. LaTourette (R-Concord Township) and Darlene Hooley (D-OR) today introduced landmark federal legislation that mandates that banks, many retailers, data brokers, and credit bureaus notify consumers when their sensitive personal financial information is placed at risk by a data security breach.

The Consumer Notification and Financial Data Protection Act of 2005 will also require companies to provide free credit monitoring services when a data breach places consumers at risk of identity theft, and requires businesses to maintain appropriate policies and procedures to protect the security and confidentiality of sensitive financial personal information against any unauthorized acquisition or misuse.

LaTourette said too many data security breaches have made headlines recently, including one at DSW (Designer Shoe Warehouse) where hackers got credit-card information on as many as 1.5 million customers and one involving up to 40 million consumers through CardSystems Solutions Inc., which stores information about credit-card transactions.  Visa and American Express have announced they will end their relationship with the firm.

This marks the second time LaTourette and Hooley have teamed up to draft important consumer protection legislation as members of the House Committee on Financial Services.   In the last Congress, the pair introduced a wide-ranging identity theft bill that was incorporated into a larger fair credit bill.   The measure, signed into law in December 2003, entitles consumers to free credit reports and offers many protections for those who may be a victim of identity theft.

“The bill we’re introducing today builds on our identity theft law by attacking the problem from another angle – when personal financial data is compromised due to massive security breaches,” LaTourette said.  “We’ve got a serious problem where folks are hacking into store and credit card records and getting a front-row view of the financial data of millions of consumers. Sadly, consumers are often the last to know if their data has been compromised.”

LaTourette said in addition to requiring uniform and timely notification, the bill he introduced today also requires banks, retailers, data brokers, credit bureaus and other businesses who handle sensitive personal financial information to provide – free of charge for 12 months – a credit monitoring service when a data security breach places the consumer at significant risk of identity theft.  The free credit monitoring service would allow consumers to keep a close eye on their credit report to monitor, catch, and repair any fraud that might take place.

The bill takes a number of steps to protect consumers who have been exposed to the risk of fraud or identity theft.

• The notice affected consumers will receive will be uniform, clear, easy to understand, and will include information such as:  a description of the timing and nature of the breach, the type of data involved, a toll-free number where consumers can call to obtain more information, and how consumers can take additional steps to safeguard themselves.

• If it is determined that the breach puts affected consumers at risk of identity theft, the bill makes one year of free credit monitoring available to those consumers.

• The bill places the burden on the financial industry to safeguard consumers’ personal, financial information.

• The bill requires coordination with law enforcement agencies to help track down the hackers or criminals, and requires consultation with federal regulators to help the investigation of the breach of data.