The Financial Services Roundtable, a trade association for large banks, is urging the House Financial Services Committee and, more broadly, Congress, to enact strong data security legislation to better protect consumers and ensure sensitive financial information is kept safe.
“FSR supports legislation that ensures all companies are required to protect sensitive personal and financial data with a strong but flexible, scalable data security framework,” wrote FSR’s vice president of government affairs for payments, Jason Kratovil. “No reasonable person would conclude that the status quo lack of federal requirements that all other companies should protect sensitive data and be required to notify consumers of a breach is acceptable in today’s data-intensive economy.”
Kratovil’s letter coincided with a Committee hearing on Feb. 14, “Examining the Current Data Security and Breach Notification Regulatory Regime”
While Congress has imposed specific data protection obligations on the financial industry, FSR supports Congressional efforts to enact legislation that ensures all companies across the economy are:
Required to protect sensitive personal and financial data with a strong but flexible and scalable data security framework;
Require timely notification to consumers that are at risk of identity theft or fraud when a breach occurs; and
Ensure compliance through appropriate Federal and State oversight, while recognizing existing federal obligations, including GLBA; and eliminate overlapping and inconsistent state laws.
The financial industry, along with healthcare, are the two sectors of the economy on which Congress has imposed specific data protection obligations, the letter points out. For FSR’s members, those obligations originate from the Gramm-Leach-Bliley Act. Enacted in 1999, that statute is the foundation of comprehensive data security obligations for the financial industry.
Kratovil agreed that improving data security should involve multiple industries.
“A letter submitted for the hearing by, among others, the National Association of Convenience Stores was kind enough to remind this Subcommittee of FSR’s efforts to build consensus among a diverse group of industry stakeholders for federal data security legislation when we helped bring together 23 associations and coalitions on a recent letter to your colleagues on the Energy & Commerce Committee,” he wrote. “This letter marked the first-time multiple industries with a history of antagonism on this issue have joined together on a unified set of principles in urging Congress to enact strong data security legislation, rejecting the status quo regulatory gaps outside of healthcare and financial services.”
“Taking into account existing requirements on certain sectors, we submit that no reasonable person would conclude that the status quo lack of federal requirements that all other companies should protect sensitive data and be required to notify consumers of a breach is acceptable in today’s data-intensive economy,” he added.