Newsroom

The House Energy and Commerce Committee on Wednesday approved H.R. 1770, the "Data Security and Breach Notification Act," by a vote of 29 to 20, but NAFCU is pressing lawmakers to strengthen language regarding merchant data security standards.

The bill, sponsored by Rep. Marsha Blackburn, R-Tenn., aims to protect consumers from identity theft and financial fraud by establishing uniform data security and breach notification standards for electronic data. This legislation now awaits action by the full House.

NAFCU made recommendations to committee Chairman Fred Upton, R-Mich., and Ranking Member Frank Pallone, D-N.J., in a letter Wednesday, which included requiring Federal Trade Commission rulemaking authority on data security standards and making entities that fail to meet basic data protection standards liable for any costs incurred from a breach in their systems. The committee took no action in these areas.

NAFCU Vice President of Legislative Affairs Brad Thaler thanked the committee for including a national standard for data security for retailers in the draft while exempting financial institutions, but said the standard should be strengthened beyond "reasonableness."

"While a ‘reasonable' standard described in the current draft is a good first step, without inclusion of a robust and mandated rulemaking, little will be done to prevent data breaches and protect consumers," Thaler wrote.

NAFCU also shared its concerns with the committee in a joint letter with other financial trade organizations.

In any data security measure, NAFCU is pushing for action to ensure:

• breached entities are held accountable for costs resulting from their negligence;
• consumers are notified of breaches and made aware of retailers' data security policies;
• account servicers are notified; and
• retailers are held to a strong national standard on data security.