
March 18, 2015

House subcommittee eyes data security draft

Members of the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade considered new draft legislation that would enact a national data security standard during a hearing Wednesday.

A letter from NAFCU Vice President of Legislative Affairs Brad Thaler was entered into the record; Thaler urged the subcommittee to strengthen the draft legislation by incorporating a strong national data security standard for retailers and to mandate related rulemaking.

Committee Chairman Fred Upton, R-Mich., noted that "There is not a single member of this committee who does not represent someone who has suffered from identity fraud." Subcommittee Chairman Michael Burgess, R-Texas, also discussed the importance of "a single federal standard on data security and breach notification" and mentioned that most states do not have data security legislation.

However, Subcommittee Ranking Member Jan Schakowsky, D-Ill., and witnesses representing the Federal Trade Commission and the Federal Communications Commission objected to the draft's lack of protection for personal information such as geolocation data and healthcare information, and they raised concerns about the bill preempting existing state legislation. The FTC and FCC witnesses agreed that the FTC should have rulemaking authority in order to craft rules for data protection, so they can respond as new security threats emerge and technology evolves.

Rep. Peter Welch, D-Vt., who sponsored the draft with Rep. Marsha Blackburn, R-Tenn., said it is not currently clear who is in charge of data security enforcement, likening the situation to the "wild west." He also maintained that "90 percent of the problem [for consumers] is the loss of their identity and their financial information," and that the draft legislation's narrow focus need not include other data.

NAFCU continues to press Congress for action on legislation which ensures that:

  • breached entities be held accountable for costs resulting from their negligence;
  • consumers be notified of breaches and made aware of retailers' data security policies;
  • account servicers be notified; and
  • retailers be held to a strong national standard on data security.