Joint letter to House re HR2205 Data Breach Markup


December 7, 2015


The Honorable Jeb Hensarling                                       The Honorable Maxine Waters

Chairman                                                                     Ranking Member

House Financial Services Committee                             House Financial Services Committee

2149 Rayburn House Office Building                              B301C Rayburn House Office Building

Washington, D.C. 20515                                               Washington, D.C. 20515


Dear Chairman Hensarling and Ranking Member Waters:


On behalf of the members of the undersigned financial services trade associations, we are writing to express our support for the Substitute Amendment to the Data Security Act of 2015 (H.R. 2205), scheduled to be marked up by the Committee on December 8. Introduced by Chairman Randy Neugebauer and Representative John Carney, this important legislation has 29 bipartisan cosponsors, many of whom are members of the Financial Services Committee.  During a hearing on May 14, many members of this Committee expressed their support.


H.R. 2205 is especially timely in light of the data security breaches at major retailers that have put millions of consumers at risk. In our view, protecting consumer information is a shared responsibility of all parties involved. The Data Security Act ensures all entities that handle consumers’ sensitive financial data have in place a robust process to protect data, which can help prevent breaches from happening in the first place.


Stopping breaches is critical for consumers, and also important to our members who often have the closest relationships with those affected. Data breaches impose significant costs on banks, credit unions and other financial institutions of all sizes because our first priority is to protect consumers and make them whole. Our members provide relief to card holders that are victims of breaches, regardless of where they occur.


Banks and credit unions are already required by law and regulation to protect consumer data and provide notice in the event a breach is likely to cause harm. This important legislation would extend these requirements to apply to all industries that handle sensitive information and would provide meaningful and consistent protection for consumers nationwide, while recognizing the strong protections already in place for financial institutions under the Gramm-Leach-Bliley Act (GLBA) and subsequent regulations.  Contrary to what some retailing trades suggest compliance with GLBA data security and breach notification rules are mandatory.  In fact, banks and credit unions are regularly examined to ensure compliance.


Extending similar requirements to other industries that handle sensitive information will result in better consumer protection against data theft and fraud. In addition, the Substitute Amendment addresses the manner by which this federal statute would be enforced against insurance firms. We appreciate the Committee’s interest in this area and look forward to further developing the standard for this industry with the Committee and other stakeholders that will result in uniform enforcement.


The reforms in the bill would effectively replace the current patchwork of state and federal regulations for data breaches with a national law that provides uniform protections across the country. This comprehensive approach would better serve consumers by making it easier for businesses and government agencies to take the steps necessary to adequately protect all Americans from identity theft and account fraud.


Our existing payments system serves hundreds of millions of consumers, retailers, financial institutions and the economy well. Protecting this system is a shared responsibility of all parties involved and we must work together and invest the necessary resources to combat increasingly sophisticated threats to the payments system.


We strongly support this important bipartisan legislation and urge support from all Members of the Committee. Additionally, it is vitally important that the core provisions of H.R. 2205 remain intact and urge you to oppose any amendments that would undermine it including amendments that would impose static technology mandates.  In a rapidly changing security environment, technology is best left to innovation, not legislation.




American Bankers Association

American Land Title Association

Consumer Bankers Association

Credit Union National Association

Financial Services Roundtable

Independent Community Bankers of America

National Association of Federal Credit Unions

The Clearing House


CC:      Members of the House Financial Services Committee