A group of nearly two dozen financial services trade groups, but none of the ARM industry associations, have submitted a letter to the Chairman of the House Energy Committee and the chairman of the Subcommittee on Digital Commerce and Consumer Protection, requesting federal data breach and data security legislation. The letter is a response to several recent data breaches within the financial services industry.
“For the first time in over a decade, the banking, payment, retail, telecommunication and technology industries have come together to call on Congress to enact national data security legislation,” said Jason Kratovil, the Financial Services Roundtable’s Vice President of Government Affairs for Payments. “Congress should harness this momentum and quickly deliver a bill to the President’s desk.”
Among the groups that signed the letter are the American Bankers Association, Electronic Transactions Association, Consumer Bankers Association, and USTelecom.
“Data security impacts every sector of the economy,” wrote the associations in the letter, which was sent to Rep. Greg Walden [R-Ore.], who chairs the energy committee, and Rep. Bob Latta [R-Ohio], who chairs the consumer protection subcommittee. “We therefore look forward to working with you and your colleagues to ensure that all sectors employ sound data security and alert consumers when a breach may result in identity theft or other financial harm.”
The legislation being requested by the groups would include a data breach notification component, requiring companies to notify consumers, law enforcement agencies, and regulators in the event that unencrypted personal information of consumer is compromised. As well, the federal legislation would pre-empt any state law, many of which are “contradictory,” according to the organizations.
Enforcement of the new law would fall to the Federal Trade Commission.
Finally, the law would need to factor “the size and complexity” of each organization, the cost securing data, and “the sensitivity of the personal information an organization holds, as well as guarantees that small organizations are not burdened by excessive requirements.”