Draft legislation on data security being considered by the House Energy and Commerce Committee falls short of adequate consumer protections, ABA and several other financial trade groups said in a letter yesterday.
The bill does not require a strong national standard for protection of customer data, the groups explained. Meanwhile, the bill fails to provide adequate recognition of the rigorous standards that the financial industry adheres to under the Gramm-Leach-Bliley Act. “We strongly urge the committee to ensure that entities already covered by federal data protection and notification laws and regulations would not be subject to dual and perhaps inconsistent regulation,” the groups said.
The legislation should also be amended to “ensure that the costs of a data breach are borne by the entity that incurs the breach,” the groups added.