ARLINGTON, Va. – In a letter to the House Financial Services Committee, the National Association of State Credit Union Supervisors (NASCUS) has stated its opposition to legislation that would preempt state regulations regarding data breach notifications and fail to subject non-financial entities (such as retail establishments and consumer reporting agencies) to the same data breach standards as financial entities.
H.R. 6743, the Consumer Information Notification Requirement Act, would “disregard state law and prevent a state from determining the best mechanism for providing data security protections to its citizens,” NASCUS said.
The bill’s lead sponsor is Rep. Blaine Luetkemeyer (R-MO).
“Where a state has an existing data security and breach notification apparatus in place that provides for more stringent protections—deference should be given to the state law,” wrote NASCUS President Lucy Ito.
NASCUS argued that the vast majority of companies responsible for data breaches are not financial institutions, yet the legislation fails to subject these companies to the same rigorous requirements as financial service providers.
“Any ‘national standard’ would need to incorporate data security compromises that occur within non-financial entities, as well as establish breach notification requirements for those companies,” said Ito.
For more info: NASCUS Letter Re 6743
