Subcommittee hearing examines need for regulatory standards for data security

The Subcommittee on Financial Institutions and Consumer Credit held a hearing this week to examine ways to improve and streamline regulations around data security and breach notifications.

Amid a patchwork of conflicting state laws, regulatory standards for data security and breach notification are lacking. The increasing frequency and sophistication of cyberattacks demand enhanced efforts to protect consumers’ financial data.

Protecting information and systems from cyberattacks should be a priority for Congress, speakers said.

“Every year, the number and severity of data breaches seems to increase, and more Americans seem to become victims of fraud and identity theft,” Subcommittee Chairman Rep. Blaine Luetkemeyer (R-MO) said. “Consumers are left not only facing financial harm but also the daunting task of restoring the integrity of their personal information. Today’s hearing was a good opportunity to hear from a diverse group of witnesses on opportunities to reform the current federal and state data security regulatory regimes in order to reduce vulnerabilities and shortcomings in the system.”

Aaron Cooper, vice president of global policy at BSA, The Software Alliance, said a uniform federal data breach standard will decrease uncertainty and facilitate quicker responses to security incidents.

“Federal guidance on data security will drive stronger security measures across the Internet ecosystem,” Cooper said.

According to the Identity Theft Resource Center, there were a record 1,579 data breach incidents in 2017 — an increase of 44.7 percent over 2016’s record high.

“Without enhanced data security protections for all entities involved in the payments process we are likely to see no slowdown in data breaches in the following years,” Kim Sponem, president and CEO of Summit Credit Union, said, speaking on behalf of the Credit Union National Association.

Nathan Taylor, a partner at Morrison & Foerster LLP, added that a nationwide standard for data security and breach notification would be good for consumers and businesses.

“American consumers would benefit by receiving the same protections for sensitive personal information about them regardless of where they may live,” Taylor said. “American businesses would benefit from a single standard that can be applied consistently to protect sensitive personal information and to respond to the unfortunate, but inevitable, security incidents. This is a national issue, and I believe that the time is now for Congress to act.”

Paul Rosenzweig, senior fellow, R Street Institute, concluded by saying that cyber threats are real and neither the private nor public sectors are fully equipped to deal with them.