Congress Considers National Data Breach Legislation


2015 may be the year that the U.S. Congress gets serious about national data breach legislation. In late January, the House Commerce, Manufacturing, and Trade Subcommittee opened hearings on the matter, and Subcommittee Chairman Michael Burgess (R-TX) has called the issue a “top priority” for the new Congress.

The hearing opened after President Barack Obama outlined his own legislative proposal as part of the State of the Union (SOTU). The Personal Data Notification & Protection Act would criminalize illicit overseas trading or selling of stolen identity data, and would require breached organizations to notify customers within 30 days of the event.

“The more we do to protect consumer information and privacy, the harder it is for hackers to damage our businesses and hurt our economy,” Obama told the Federal Trade Commission in mid-January, just days before the SOTU. “Right now, almost every state has a different law on this, and it’s confusing for consumers and it’s confusing for companies — and it’s costly, too, to have to comply with this patchwork of laws.”

While past attempts by Congress to address the issue have stumbled and stalled, recent well-publicized and massive data breaches — and consumers’ reaction to them — are placing pressure on legislators to pass legislation. And Congress appears ready to put political differences aside to do just that.

“I do sincerely believe that is an achievable goal,” Rep. Burgess told The Hill. “It’s clear most of us agree on preemption.”

Forty-seven states already have data breach notification laws. These laws dictate who must comply and define “personal information,” what constitutes a breach, notice requirements and exemptions.

At TransFirst®, we consider data breach security to be a serious concern for all parties involved in payment processing, including ourselves and our merchant and service provider clients. From our perspective, a data breach occurs when an unauthorized party accesses a merchant’s network and steals cardholder data, typically through hacking, malware or spyware, employee dishonesty or the loss of cards, paper records or a device.

The first line of defense against data breach is PCI compliance, the strict adherence to the Payment Card Industry Data Security Standard (PCI DSS), which focuses on keeping the storage, transmission and processing of cardholder data secure. We also offer a Data Breach Security Program to help protect our clients, their businesses and customers from the serious fallout a data breach can generate.

We will follow activity on Capitol Hill regarding the proposed national data breach prevention legislation and update our coverage as necessary.


©2017 Total System Services, Inc. TSYS® is a federally registered service mark of Total System Services, Inc. All rights reserved. TSYS Merchant Solutions is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA; Synovus Bank, Columbus, GA, and First National Bank of Omaha, Omaha, NE. TSYS Business Solutions is a registered ISO/MSP of Wells Fargo Bank, N.A., Walnut Creek, CA; Synovus Bank, Columbus, GA; and Deutsche Bank, New York, NY for Visa and Mastercard transactions only.