Financial Trades Push for Retailer-Focused Data Security Bill

WASHINGTON — Seven financial trade groups announced Monday that they are banding together to push legislation that would extend banklike data security standards to retailers and nonbank businesses.

The renewed effort, which comes after legislation stalled late last year, is a pre-emptive counterpunch as the largest retail trade association is making its own lobbying effort this week by inviting members to meet with lawmakers.

"Financial institutions have had this obligation for 15 years, and it's long overdue for Congress to pass legislation ensuring that everyone has a similar mandate to keep customer data safe," Jason Kratovil, vice president of government affairs for payments at the Financial Services Roundtable, said in a statement.

The Roundtable, the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Independent Community Bankers of America, National Association of Federal Credit Unions and The Clearing House said they are making a "significant ad buy" and taking out a full-page ad in The Hill as part of their effort to "dominate the Capitol Hill complex."

The financial trades are insisting that Congress pass a version of The Data Security Act of 2015 that was introduced in the House and the Senate last year. The House Financial Services Committee approved the bill in December, but it hasn't moved to the House floor.

The bill would subject retail businesses to Gramm-Leach-Bliley Act data security standards to protect consumer data and implement a nationwide standard.

"Instead of enabling breaches to continue unchecked, Congress should move forward the bipartisan Data Security Act and not waste the remainder of this year," Kratovil said.

But the National Retail Federation has opposed the legislation, saying that it goes too far and would put an undue regulatory burden on retailers.

In a May 2015 letter to lawmakers, David French, senior vice president of government relations at the federation, wrote, "The scope of this regulatory expansion would be dramatic."

Financial institutions should have higher data security requirements because they have "much broader sets of the most sensitive personal and financial customer information in digitized form," he said.

Reps. Randy Neugebauer, R-Texas, and John Carney, D-Del., worked together on the House version of the bill that passed the financial services committee, while Sens. Thomas Carper, D-Del., and Roy Blunt, R-Mo., led the effort on the Senate side.

For reprint and licensing requests for this article, click here.
Law and regulation Bank technology Cyber security Data breaches Data security Credit cards Nonbank Compliance
MORE FROM AMERICAN BANKER