CBA Letter of Support, Data Security Act of 2015

April 16, 2015


The Honorable Roy Blunt

United States Senate

260 Russell Senate Office Building

Washington, DC 20510


The Honorable Thomas Carper

United States Senate

513 Hart Senate Office Building

Washington, DC 20510



Dear Senator Blunt and Senator Carper:

Since 2005, there have been more than 5,000 reported data breaches involving an estimated 675 million records.1   In a single year from 2013 to 2014, the number of breaches increased significantly by over 27 percent. The impetus for strengthening our nation’s data security protections could not be more evident. As such, on behalf of the Consumer Bankers Association (CBA), I write to thank you for introducing the Data Security Act of 2015.


The Data Security Act of 2015 is a bipartisan bill that will establish a national data security standard across industries to better safeguard consumers’ sensitive personal and financial information, provide consumers with timely notification in the event of a breach, and replace a patchwork of inconsistent state laws.


Importantly, this bill recognizes the flexibility, scalability, and overall success of the internal safeguards and processes financial institutions have put into place under the Gramm-Leach-Bliley Act (GLBA) and the need for other industries to develop and maintain similar common-sense safeguards.  By complying with stronger data security standards under GLBA, financial institutions accounted for less than six percent of nationwide breaches in 2014 – with the remaining 94 percent of breaches occurring in the retail, healthcare, government, and education sectors. Despite fewer breaches, financial institutions have had to incur significant costs to notify customers, reissue cards, and make customers whole every time a breach occurs at a retailer. By implementing a strong data security standard across all industries, there will be fewer breaches, less fraud-related costs, and greater consumer protections.


Additionally, this bill creates a uniform federal standard that preempts the confusing patchwork of 47 inconsistent state breach notification laws, and it allows for banks, which often have the most direct relationship with affected consumers, to notify their customers of the type and origin of a breach so that they can take proper precautions to safeguard their financial information in the future.


CBA applauds your bipartisan efforts on this important issue and will encourage your colleagues to join you in protecting consumer information against the alarming increase in cyber threats.



Richard Hunt

President and CEO

Consumer Bankers Association


Footnote: 1) Identity Theft Resource Center, Identity Theft Resource Center Report Hits Record High in 2014, Accessed at:


Consumer Bankers Association | 1225 Eye Street, NW, Suite 550 | Washington, DC 20005