A bill that would establish a national data security standard was introduced Friday. The Data Protection Act of 2015 was introduced by Reps. Randy Neugebauer (R-TX) and John Carney (D-DE), and would establish a process for companies of all sizes to follow in order to secure consumer data.
The legislation would apply to companies that do not currently have a federal obligation to protect consumer information.
Under the bill, each covered entity must:
- Develop and maintain an effective information security program tailored to the complexity and scope of its operations, and the sensitivity of its data
- Oversee service providers with access to customer information, including requiring service providers by contract to take appropriate steps to protect the security and confidentiality of this information
- Train staff to prepare and implement its information security program
- Test key controls, systems and procedures of its information security program
- Adjust its information security program to reflect the results of its ongoing risk assessment
The bill is based generally on interagency information security standards issued by the Federal Trade Commission and federal banking agencies.