WASHINGTON—A bill establishing national data breach notification requirements for all financial entities – including the credit bureaus – is slated for review today by the House Financial Services Committee, which will also mark up two other key bills.
"The safety and security of consumers and businesses personal financial information is paramount to credit unions," said Brad Thaler, NAFCU's vice president of legislative affairs. "Chairman Luetkemeyer's bill is a good first step, and it ensures all financial regulators establish uniform breach notification standards for all regulated financial entities similar to what is already in place for credit unions, while providing credit unions a clear preemption from state laws on data protection and notification standards. However, NAFCU will continue to work to ensure consumers are fully protected across the board, as we strongly support a universal data security standard covering merchants and retailers as well."
CUNA’s View
CUNA offered a similar perspective.
“We support your legislation that updates Gramm-Leach-Bliley Act (GLBA) notification requirements for credit unions and other financial institutions,” CUNA President Jim Nussle wrote in a letter to House Financial Services Subcommittee Chairman Blaine Luetkemeyer (R-MO), who authored the bill. “Specifically, this legislation would create a notification regime preempting the existing patchwork of often conflicting and contradictory state laws. This national notification standard will ensure that consumers are treated consistently no matter their state residence.”
The bill, the Consumer Information Notification Requirement Act (H.R. 6743), would amend the Gramm-Leach-Bliley Act to require a notice of unauthorized access that is likely to result in identity theft, fraud or economic loss by all financial entities, akin to what is already in place for financial institutions. In turn, entities with national data standards would be pre-empted from state established standards, Thaler explained.
The legislation is a scaled-down version of a larger data security bill that he released earlier this year. He released the new bill in an effort to advance the issue yet this session.
Two Key Bills
The House Financial Services Committee will mark up two important measures Thursday.
H.R. 5534, the Give Useful Information to Define Effective Compliance Act, would alleviate uncertainty by requiring the Bureau of Consumer Financial Protection to standardize the process of providing guidance that can be relied upon by the industry. CUNA said it supports the bill as it would “clearly define guidance and implement clear and realistic timeframes for providing answers in response to requests for guidance.”
H.R. 6743, Consumer Information Notification Requirement Act, would update Gramm-Leach-Bliley Act (GLBA) notification requirements for credit unions and other financial institutions. CUNA said it believes this is a step in the right direction but further urges Congress to consider legislation containing other principles it believes must be part of data breach legislation, to hold “merchants to the same standards as financial institutions and gives the Federal Trade Commission and state attorneys general the authority to enforce this standard.”
CUNA has sent a letter to HFSC Chairman Jeb Hensarling and Ranking Member Maxine Waters to prompt consideration of how these policies impact America’s credit unions.