House Subcommittee Discusses Data Security Legislation

The subcommittee reviewed two legislative proposals aimed at implementing data security and breach notification regulations.

3/8/2018 8:46:00 PM


The House Subcommittee on Financial Institutions and Consumer Credit met March 7 to discuss two legislative proposals, the “Data Acquisition and Technology Accountability and Security Act” and the “Promoting Responsible Oversight of Transaction and Examinations of Credit Technology (PROTECT) Act of 2017.”

These important bills—sponsored by U.S. Reps. Blaine Luetkemeyer, R-Mo., and Patrick McHenry, R-N.C., respectively—would reform the current data security and breach notification regulatory regime, as well as reform standards for large consumer reporting agencies, according to a news release.

“Consumers must be front and center throughout the conversation surrounding data protection. Today’s hearing explored a new set of standards that will protect and empower consumers across the nation,” Luetkemeyer, chairman of the subcommittee, said in a new release. “This is a challenging issue, one that has been seriously debated in Congress for well over a decade.  How many more millions of Americans need to be the victim of financial fraud or identity theft? The time to act is now. It’s essential that industry groups look at the bigger picture here and realize the immeasurable benefits data security safeguards and a responsible notification process will have on their customers and businesses. We are facing a national problem that requires an immediate national solution, which is why my legislation, developed with my colleague from New York, Congresswoman Maloney is both timely and necessary.”

Witnesses during the hearing included:

  • Sara Cable, director, Data Privacy and Security, and assistant attorney general, Office of the Attorney General, Commonwealth of Massachusetts
  • Francis Creighton, president and CEO, Consumer Data Industry Association
  • John S. Miller, vice president, Global Policy and Law, Information Technology Industry Council
  • Jason Kratovil, vice president, Financial Services Roundtable.

“[T]he reality facing organizations today is they must race to keep up with increasingly sophisticated and well-resourced hackers—ranging from criminals to nation-states—who are scheming to stay one step ahead of their victims,” Miller said during the hearing. “Unfortunately, the percentages do not favor the defenders, who must be successful every time to avoid a breach. Instead, the odds favor the attackers, who only need to be successful once to execute a successful breach. And when a breach of sensitive personally identifiable information (PII) occurs, we believe there should be a streamlined and uniform process to notify consumers in cases where there is a significant risk of identity theft, financial harm, or material economic loss.”

Related Content from ACA International:

House Subcommittee Examines Fintech

From the Web: ‘Fed Official Dismisses Regulatory Sandboxes for Fintech’

From the Web: Cybersecurity Legislation Slated for Action in 2018, if Congressional Schedule Allows

Follow ACA International on Twitter @ACAIntl and @acacollector, Facebook and request to join our LinkedIn group for news and event updates. ACA International members are welcome to submit news items for possible publication to Visit our publications page for news submission guidelines and subscriptions to ACA Daily, Collector magazine and Pulse. Advertising is available for companies wishing to promote their products or services. Be sure to visit the ACA Events Calendar on the Education and Training website to view our listing of upcoming CORE Curriculum and Hot Topic seminars featuring critical educational opportunities for your company.

Subscribe to ACA Daily NEWSROOM