CBA Joint Comment Letter Supporting Strong Data Security Legislation

November 1, 2017



The Honorable Blaine Luetkemeyer                                


Subcommittee on Financial Institutions and Consumer Credit                           

Washington, D.C. 20515                                                 


  The Honorable William Lacy Clay

  Ranking Member

  Subcommittee on Financial Institutions and Consumer Credit

  Washington, D.C. 20515


Dear Chairman Luetkemeyer and Ranking Member Clay:


Data security breaches continue to put millions of consumers at risk, and protecting consumer information is a shared responsibility of all parties involved.  That is why the undersigned financial organizations and our members have supported comprehensive data protection and consumer notification legislation across several Congresses and have worked closely with key Members of this Committee and many others in the House and Senate to help advance this worthy cause.


Stopping incidents like the recent Equifax, Sonic, Hyatt and other breaches is critical for consumers, and also important to our members who often have the closest relationships with those affected.  Data breaches impose significant costs on financial institutions of all sizes because our first priority is to protect consumers and make them whole.  Our members provide relief to victims of breaches, regardless of where the breach occurs.


In our view, it is critical for Congress to move forward on legislation that puts in place one

strong national data security and breach notification standard eliminating the current inconsistent patchwork of state law.


This standard should:


1)   Ensure that all entities are required to protect sensitive personal and financial data;

2)   In the event of a breach, require timely notification of consumers and impacted parties that are at risk; and

3)   Ensure compliance via appropriate Federal and State regulators and eliminate overlapping and inconsistent laws and regulations.


Any legislation enacted into law must ensure that all entities that handle consumers’ sensitive financial data have in place a robust process to protect data, which can help prevent breaches from happening in the first place.  This standard should apply to all industries that handle sensitive information and would provide meaningful and consistent protection for consumers nationwide.


Our existing payments system serves hundreds of millions of consumers, retailers, financial institutions and the economy well.  Protecting this system is a shared responsibility of all parties


involved and we must work together and invest the necessary resources to combat increasingly sophisticated threats to the payments system.


We look forward to working with you on this important issue.



American Bankers Association Consumer Bankers Association Credit Union National Association Financial Services Roundtable

Independent Community Bankers of America

National Association of Federally-Insured Credit Unions

The Clearing House



cc:       Members of the House Subcommittee on Financial Institutions and Consumer Credit