ABA-Backed Data Security Bill Advances by Strong Margin

The House Financial Services Committee today voted by a strong 46-9 margin to advance the bipartisan Data Security Act (H.R. 2205), introduced by Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.), which would establish a national data security and breach notification standard for financial institutions and retailers.

ABA welcomed the bill, which is part of ABA’s Agenda for America’s Hometown Banks. The bill “would increase protections for consumers by ensuring all entities that handle sensitive financial data have a robust process to protect data in place,” said ABA EVP James Ballentine. “This would go a long way toward stopping breaches before they occur.”

Like a similar Senate bill introduced by Roy Blunt (R-Mo.) and Tom Carper (D-Del.), H.R. 2205 models its security and notification requirements on the rigorous standards already in place in the financial industry under the Gramm-Leach-Bliley Act and recognizes that financial institutions do not need a duplicative set of requirements.

The bill would replace state laws with a single set of national data security requirements that are scalable to accommodate the needs of smaller businesses. It would require a company experiencing a breach to notify all affected customers, as well as federal agencies, law enforcement and consumer credit agencies when a breach affects more than 5,000 individuals.

The committee also voted today by 33 to 21 to approve the ABA-supported H.R. 3791, which would expand the relief offered under the Federal Reserve’s small bank holding company policy statement to institutions with assets under $5 billion, up from the current $1 billion. H.R. 3791 was sponsored by Rep. Mia Love (R-Utah) and expands on congressional action at the beginning of 2015 to raise the threshold from $500 million in assets.