Press Releases

Securing Your Personal Financial Information


Washington, March 7, 2018 -

The Subcommittee on Financial Institutions and Consumer Credit held a hearing today to discuss two legislative proposals, the “Data Acquisition and Technology Accountability and Security Act” and the “Promoting Responsible Oversight of Transaction and Examinations of Credit Technology (PROTECT) Act of 2017.” These important bills – sponsored by Representatives Blaine Luetkemeyer (R-MO) and Patrick McHenry (R-NC), respectively – would reform the current data security and breach notification regulatory regime, as well as reform standards for large consumer reporting agencies.

“Forty-eight states, the District of Columbia, Guam, Puerto Rico and the Virgin Islands have all enacted differing laws requiring private companies to notify individuals of breaches of personal information. For each state with robust safeguards and requirements in place, there is another with protections that are simply insufficient – creating a regulatory labyrinth that causes compliance nightmares while leaving uncertainty where certainty is needed the most – consumer notification,” said Chairman Blaine Luetkemeyer (R-MO). “This isn’t a question of if but of when.  The legislation we consider today aims to foster an environment where consumers are not just protected but empowered.”

Topline Quotes from Witnesses

“Consumers today benefit from a democratic, accurate and fair credit system. Individual consumers have the liberty to access credit anywhere in the country from a wide variety of lenders based solely on their own personal history of handling credit. Families buying a home for the first-time access mortgage products that suit their individual needs and capabilities. Young people who have new jobs in a new city can go to an auto dealer and drive away with a financed car even without any history in that community. With the rise of the internet, new credit opportunities have expanded even further to meet individual needs.” – Francis Creighton, President and CEO, Consumer Data Industry Association

“[t]he reality facing organizations today is they must race to keep up with increasingly sophisticated and well-resourced hackers – ranging from criminals to nation-states – who are scheming to stay one step ahead of their victims. Unfortunately, the percentages do not favor the defenders, who must be successful every time to avoid a breach. Instead, the odds favor the attackers, who only need to be successful once to execute a successful breach. And when a breach of sensitive personally identifiable information (PII) occurs, we believe there should be a streamlined and uniform process to notify consumers in cases where there is a significant risk of identity theft, financial harm, or material economic loss.” – John S. Miller, Vice President, Global Policy and Law, Information Technology Industry Council

“Data breach and payment security issues are fundamentally about protecting consumers. Every American business that handles sensitive financial information should have an innate motivation to protect it, if for no other reason than maintaining the trust and continued business of their customers.” – Jason Kratovil, Vice President, Financial Services Roundtable

Print version of this document