September 14, 2018

Data breach notification, BCFP guidance standardization bills advance

Capitol domeTwo NAFCU-backed bills advanced out of the House Financial Services Committee Thursday: one that would require data breach notifications for all financial entities, and one to streamline the Bureau of Consumer Financial Protection's (previously the CFPB) guidance processes.

Subcommittee Chairman Blaine Luetkemeyer, R-Mo., introduced the Consumer Information Notification Requirement Act (H.R. 6743) last week. It would amend the Gramm-Leach-Bliley Act to require a notice of unauthorized access that is likely to result in identity theft, fraud or economic loss by all financial entities – including credit bureaus – akin to what is already in place for financial institutions. In turn, entities with national data standards would be pre-empted from state established standards and notification requirements.

NAFCU and other financial services industry trade groups asked the committee to advance H.R. 6743 – which is a scaled down version of data security legislation Luetkemeyer had been working on – to the full House as an encouraging step toward enacting comprehensive data security legislation.

Introduced by Subcommittee Chairman Sean Duffy, R-Wis., and Rep. Ed Perlmutter, D-Colo., the Give Useful Information to Define Effective (GUIDE) Compliance Act (H.R. 5534) would require the bureau to issue timely guidance on its rules in order to facilitate industry compliance and better protect consumers. In June, NAFCU joined with more than a dozen trade groups to write in support of the bill.

The committee advanced the data breach notification bill to the full House by a vote of 32-20; the GUIDE Compliance Act advanced 38-14.