Consumer advocates at the state and federal level are joining together to lobby against a bill that would establish a national data breach notification law.
The bill, introduced last week by Rep. Blaine Luetkemeyer [R-Mo.], is being marked up today by the House Financial Services Committee.
Calling it a “Trojan Horse” bill that would eliminate “stronger state laws,” Ed Mierzwinski, the director of the U.S. Public Interest Research Group said a federal law is not needed because states already have existing laws on the books.
The intention of Rep. Luetkemeyer’s bill “is not merely to have one national breach notice requirement for financial institutions, but to take away all other state data security and privacy harm laws, as well as eliminate any stronger breach notice laws,” Mierzwinski wrote.
Mierzwinski also notes that debt collectors, among other groups of financial services organizations would be exempted from those stronger state laws that are already in place.
“This substitute will be presented as narrow and perfected and necessary,” said Mierzwinski. “Actually, it is cleverly written to weaken current federal breach notice requirements for banks and other ‘financial institutions’ while simultaneously throwing all state data security, data breach and other data privacy laws under the bus.”
Calling the bill the “Equifax Protection Act,” Mierzwinski said it would “immunize banks, debt collectors, payday lenders,” and others from stronger state laws.