WASHINGTON — Twenty-two financial, retail and technology trade associations have sent a letter to the House Energy and Commerce Committee calling for new federal regulations governing data breaches that would preempt state law.
The groups said new legislation should create a “flexible, scalable” standard that would account for the size, cost and nature of data collected by a company and that it should create a “notification regime” requiring timely notice of a data breach to consumers, law enforcement and regulators.
“Consumers’ private information is extremely important to them, and Congress must act to better protect them,” said Jason Kratovil, vice president of government affairs for payments at the Financial Services Roundtable, who co-signed.
The trade groups also said there should be “clear preemption of the existing patchwork of often conflicting and contradictory state laws” when it comes to new data breach regulations. The Federal Trade Commission and state attorneys general should have exclusive enforcement rights outside of companies subject to the Gramm-Leach-Bliley Act, state insurance regulations and the Health Insurance Portability and Accountability Act of 1996, the groups added.
“For the first time in over a decade, the banking, payment, retail, telecommunication and technology industries have come together to call on Congress to enact national data security legislation. Congress should harness this momentum and quickly deliver a bill to the President’s desk,” Kratovil said in the Jan. 4 letter to House Energy and Commerce Committee Chairman Greg Walden, R-Ore., and Bob Latta, R-Ohio. Latta chairs the Subcommittee on Digital Commerce and Consumer Protection.
The American Bankers Association, Consumer Bankers Association, Credit Union National Association, Independent Community Bankers of America, National Association of Federally-Insured Credit Unions and the Electronic Transactions Association also signed the letter.