The House Financial Services Committee just concluded a mark-up of H.R. 6743, a bill designed to create a uniform national standard for breach notification limited to financial services providers. While data security standards are required under the Gramm-Leach-Bliley Act (GLBA), the author, Rep. Blaine Luetkemeyer (R-MO) contended that the multitude of state breach notification laws have created a confusing practice for financial institutions. He stated his purpose is to extend notification requirements to non-depositories such as Equifax.
During the debate, both the author and Ranking Democrat (Rep. Maxine Waters) contended that this legislation is far from a comprehensive solution to resolve the plague of data breaches – however because of jurisdictional issues, the committee could not include retailers. Rep. Waters attempted to offer an amendment shifting the nature of the preemption language from a national “ceiling” to a “floor” which would allow states to offer stronger notification standards if they opted. The amendment failed on a party line vote. The bill passed on party lines.
Credit unions continue to seek amendments for a comprehensive solution to address data breaches, and will pursue options as H.R. 6743 advances to the House Floor.