CUNA joined with several other organizations Thursday and wrote to House Energy and Commerce members in support of federal legislation to protect personal information and ensure consumers are notified of a data breach in a timely manner. The letter was sent to Reps. Greg Walden (R-Ore.), committee chairman and Bob Latta (R-Ohio), chairman of the subcommittee on digital commerce and consumer protection.

“Data security impacts every sector of the economy,” the letter reads. “We therefore look forward to working with you and your colleagues to ensure that all sectors employ sound data security and alert consumers when a breach may result in identity theft or other financial harm.”

The organizations called for legislation that includes:

• A flexible, scalable data protection standard that factors in the size and complexity of the organization, the cost of available tools to secure data and the sensitivity of the information an organization holds. It should also guarantee small organizations are not burdened by excessive requirements;
   
• A notification regime requiring timely notice to impacted consumers, law enforcement and applicable regulators when there is a reasonable risk the breach exposes consumers to identity theft or other financial harm;
   
• Consistent, exclusive enforcement of the new national standard by the Federal Trade Commission and state attorneys general, other than for entities subject to state insurance regulation or who comply with the Gramm-Leach-Bliley Act or the Health Insurance Portability and Accountability Act of 1996. For entities under its jurisdiction, the FTC should have the authority to impose penalties for violations of the new law; and
   
• Clear preemption of the existing patchwork of often conflicting and contradictory state laws.