House Financial Services Committee Considers Data Security; BCFP Guidance Legislation

The committee worked on votes Thursday before a recess advanced by the impact of Hurricane Florence. The House will resume business the week of Sept. 24.

9/13/2018 2:00 PM

House Financial Services Committee Considers Data Security; BCFP Guidance Legislation

The House Financial Services Committee considered several legislative proposals Thursday, including separate measures to provide guidance procedures for the Bureau of Consumer Financial Protection and to strengthen data security notification standards.

U.S. Rep. Sean Duffy, R-Wis., presented the Give Useful Information to Define Effective (GUIDE) Compliance Act, H.R. 5534, during the committee’s markup as the U.S. House of Representatives approached an earlier recess and vote deadlines due to Hurricane Florence.

The House canceled its votes set for Sept. 14 due to the impending storm and will resume business on Capitol Hill the week of Sept. 24 after a recess already scheduled for next week, according to The Hill.

Duffy’s legislation passed the committee to advance for consideration on the House floor. ACA recently expressed support for this legislation in a letter concerning the nomination of Kathy Kraninger as director of the BCFP.

The letter stated, “Often an entity seeks guidance from a regulatory agency because a critical issue arises that requires explanation. This may be within the course of litigation or pending litigation, or necessary for on-going compliance, and time is of the essence. Furthermore, courts often give deference to guidance, which provides further support for their utility. Scenarios arise that sometimes are overlooked in the consideration of a rule. Industries change, and in the case of the debt collection market, technologies may provide enhancements to standard procedures. This may assist in the development of best practices and could allow regulators to assess the effectiveness of the current rule.”

Guidance is defined in the legislation as “any written interpretive or legislative rule, interim final rule, bulletin, statement of policy, letter, examination manual, frequently asked question or other document issued by the bureau regarding compliance with a federal consumer financial law that is exempt from notice and comment rulemaking requirements under section 553(b) of title United States Code.”

Duffy said the legislation is designed to provide procedures for guidance by the BCFP.

U.S. Rep. Dave Trott, R-Mich., said it will bring clarity to the process and help businesses and consumers at the same time.

Mixed Support for Data Breach Notification Standards Legislation

The committee also discussed U.S. Rep. Blaine Luetkemeyer’s bill, the Consumer Information Notification Requirement Act, (H.R. 6743) “to amend the Gramm-Leach-Bliley Act to provide a national standard for financial institution data security and breach notification on behalf of all consumers, and for other purposes.”

Luetkemeyer, R-Mo., said the legislation is the right balance between stricter federal data breach notification standards while considering states’ authority to have their own standards and enforce the federal law, if it passes. It would eliminate the “patchwork” of notification standard requirements and streamline the process, he said.

“We would for the first time institute a statutory requirement that all financial institutions notify consumers in the event of a data breach,” he said. “I’m afraid we’ve become completely numb to these breaches and to the fact that our personal information and the personal information of the people who elect us to these positions have been exposed time and time again.”

During the hearing, U.S. Rep. Maxine Waters, D-Calif., ranking member of the committee submitted an amendment to strike a portion of the legislation that would pre-empt states’ laws with respect to financial institution safeguards.

“While components of the bill claim it will strengthen data security for consumers, I disagree,” she said.

Luetkemeyer said Waters’ amendment―which did not pass―would defeat the purpose of the bill. The legislation received a favorable vote 32-20 for consideration on the House floor.

ACA International is reviewing the legislation and considering how to best support it.

Related Content from ACA International:

U.S. Rep. Luetkemeyer Proposes Data Breach Notification Standards

From the Web: Cybersecurity Legislation Slated for Action in 2018, if Congressional Schedule Allows

House Subcommittee Discusses ‘Data Security in a Modern World’

Follow ACA International on Twitter @ACAIntl and @acacollector, Facebook and request to join our LinkedIn group for news and event updates. ACA International members are welcome to submit news items for possible publication to Visit our publications page for news submission guidelines and subscriptions to ACA Daily, Collector magazine and Pulse.

Advertising is available for companies wishing to promote their products or services. Be sure to visit the ACA Events Calendar on the Education and Training page to view our listing of upcoming CORE Curriculum and Hot Topic seminars featuring critical educational opportunities for your company.

Subscribe to ACA Daily NEWSROOM