Joint Trades Letter to House Energy and Commerce Committee regarding Data Security

January 4, 2018

 

The Honorable Greg Walden

Chairman

House Energy & Commerce Committee

2125 Rayburn House Office Building

Washington, DC 20515

 

The Honorable Bob Latta

Chairman

Subcommittee on Digital Commerce and Consumer Protection

2125 Rayburn House Office Building

Washington, DC 20515

 

Dear Chairman Walden and Chairman Latta:

 

The undersigned organizations, representing companies across the American economy, take the stewardship and protection of customers’ personal information very seriously.  That is why we support federal legislation to protect personal information and, in the event of a data breach that could result in identity theft or other financial harm, ensure consumers are notified in a timely manner.

 

We believe that Congress should enact legislation encompassing the following elements:

 

  • A flexible, scalable standard for data protection that factors in (1) the size and complexity of an organization, (2) the cost of available tools to secure data, and (3) the sensitivity of the personal information an organization holds, as well as guarantees that small organizations are not burdened by excessive requirements.

 

  • A notification regime requiring timely notice to impacted consumers, law enforcement, and applicable regulators when there is a reasonable risk that a breach of unencrypted personal information exposes consumers to identity theft or other financial harm.

 

  • Consistent, exclusive enforcement of the new national standard by the Federal Trade Commission (FTC) and state Attorneys General, other than for entities subject to state insurance regulation or who comply with the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability Act of 1996/HITECH Act.  For entities under its jurisdiction, the FTC should have the authority to impose penalties for violations of the new law.

 

  • Clear preemption of the existing patchwork of often conflicting and contradictory state laws.

 

Data security impacts every sector of the economy. We therefore look forward to working with you and your colleagues to ensure that all sectors employ sound data security and alert consumers when a breach may result in identity theft or other financial harm. 

 

Sincerely,

 

ACT | The App Association

American Bankers Association

American Insurance Association

American Land Title Association

BSA | The Software Alliance

Consumer Bankers Association

Credit Union National Association

CTIA

Electronic Transactions Association

Financial Services Roundtable

Independent Community Bankers of America

Independent Insurance Agents and Brokers of America

Internet Commerce Coalition

National Association of Federally-Insured Credit Unions

National Association of Mutual Insurance Companies

National Business Coalition on E-Commerce & Privacy

Property Casualty Insurers Association of America

Reinsurance Association of America

Retail Industry Leaders Association

TechNet

Twenty-First Century Privacy Coalition

USTelecom