A bill seeking to standardize data breach notifications for the financial industry at the federal level was passed this week by the House Financial Services Committee.
Bill H.R. 6743, also called the Consumer Information Notification Requirement Act, is an amendment to the Gramm-Leach-Bliley Act with the purported aim of creating a national standard to notify consumers if a financial institution has had their data compromised. It was proposed by Missouri Republican representative Blaine Luetkemeyer on the one year anniversary of the Equifax breach which affected over 140 million people.
“Data security is a challenging and constantly evolving issue, but consumers across the nation need a robust federal data security standard. I have been working with my colleagues on the Financial Services Committee to affirm national data security and notification standards apply to all financial institutions,” said Chairman Luetkemeyer in a press release.
State regulators and consumer advocates are more skeptical of the bill, including the National Governors Association, which released a statement expressing concern that “H.R. 6743, the Consumer Information Notification Requirement Act, represents an unwarranted expansion of federal preemption of state and local authority regarding data security and breach notification standards.”
A coalition of consumer and privacy groups including the ACLU, NAACP, EFF, and others also opposed the bill, saying that it “might also be called the ‘Equifax Protection Act’”, and “narrows even modest data breach requirements currently in place while also preempting all state data breach, data security, and other privacy laws as they apply to both financial institutions and their affiliates.”
The controversy surrounding the bill revolves around one of the larger hurdles of data breach legislation, where the impetus to create a more universal standard (akin to the European Union’s GDPR) often times comes at the expense of more stringent state and local laws.
Despite its passage by the House Financial Services Committee, the bill itself is regarded as highly unlikely to pass in the current Congressional session.