On Thursday, Nov. 15, U.S. Senators Marco Rubio (R-FL) and John Kennedy (R-LA) introduced the Small Business Credit Protection Act, legislation that would require credit bureaus to inform small businesses, such as credit unions, within 30 days of a nonpublic personal data breach. The bill would also prohibit credit bureaus from charging small businesses for a credit report within 180 days following a breach. In response to the Equifax data breach, Congress amended the Fair Credit Reporting Act to enhance some federal credit protections for “consumers.” However, business credit is excluded from the statutory definition of “consumers” and thus, while small business’ nonpublic information was subject to the breach, the changes did not apply to those using business credit.

In a formal release about the act, it was LSCU leader Patrick La Pine who was asked to comment: “We truly appreciate Sen. Rubio’s efforts to protect private information for small businesses,” said La Pine, president/CEO of the League of Southeastern Credit Unions & Affiliates. “Much like consumer data, small businesses are vulnerable to increasing threats of stolen data and this proactive approach is good for the marketplace and the consumers who use it. On behalf of our members, the Florida Credit Union Association thanks Sen. Rubio and looks forward to working with him on this common sense approach.”

A one pager of the bill is available here.

“The federal government must uphold the trust Americans need to fully participate in our economy. By ensuring that small businesses receive the protections they need in cases of a security breach, the Small Business Credit Protection Act will do just that,” Rubio said. “I urge my colleagues to join me in passing this bill so that we can continue to protect America’s small businesses — the cornerstone of our economy.”

“Credit bureaus need to be held responsible for their gross negligence and data mismanagement,” said Kennedy, a member of the Banking Committee. “We’ve already taken important steps to protect consumers, but small businesses’ credit data were also compromised, and they deserve protection, as well. It’s been just over a year since the Equifax breach, but consumers and mom and pop small businesses are counting on us to keep the pedal to the floor and guard their data privacy.”

Following the Equifax breach, Rubio urged the Securities and Exchange Commission (SEC) Chairman Jay Clayton to require companies to promptly disclose significant hacks of material impact that make Americans vulnerable to identity theft.