On September 13, 2018, the House Financial Services Committee approved H.R. 6743, the Consumer Information Notification Requirement Act, by a vote of 32-20. Introduced earlier this month by Representative Blaine Luetkemeyer (R-MO), the legislation establishes a national data breach notification standard for entities regulated by the Gramm-Leach-Bliley Act (“GLBA”) to notify consumers of a data breach.
As approved by the Committee, H.R. 6743 would require federal financial regulators to establish breach notice standards within six months of enactment and would preempt state law for GLBA institutions so as to ensure timely notification of consumers. During the markup, Representative Luetkemeyer recognized that the measure addresses a “small sliver of the actual problems surrounding data security” and expressed his support for efforts to “move a comprehensive package that addresses data security and breach notification among all industries not just the financial sector.”
House Financial Services Committee Ranking Member Maxine Waters (D-CA) opposed H.R. 6743 and offered an amendment to strike the bill’s preemption provisions, noting her concerns that H.R. 6743 would “significantly reduce and not strengthen the privacy, confidentiality and security of consumers' non-public personal information.” Representative Waters contended that the scope of federal preemption “could be interpreted to neutralize state AGs” and harm the role that the states have played in safeguarding consumer information. The Waters amendment was not agreed to, by a vote of 20-32.
The American Bankers Association, Consumer Bankers Association, Credit Union National Association and Electronic Transactions Association all sent letters of support, characterizing H.R. 6743 as a step toward comprehensive data breach legislation. Their letters can be found here and here. In contrast, the National Governors Association and the National Association of Insurance Commissioners expressed their opposition to H.R. 6743, and their letters can be found here and here.
With limited legislative days remaining on the 2018 congressional calendar and continued disagreement over the bill’s scope and preemption, it is unlikely that national data breach legislation will be enacted before the end of the year. The text of H.R. 6743, as approved by the House Financial Services Committee, can be found here.