Bill introduced w/ data breach notification reqs, preemption

September 7, 2018

Rep. Blaine Luetkemeyer (R-Mo.) formally introduced data breach notification legislation Friday, a bill that would provide credit unions regulatory relief if they suffered a data breach. The bill is titled the Consumer Information Notification Requirement Act. 

“This legislation is a positive step in the direction of supporting credit unions and consumers, and we thank Rep. Luetkemeyer for his leadership on this issue,” said CUNA President/CEO Jim Nussle.

Specifically, the bill would create:

  • A notification regime requiring timely notice to impacted consumers, law enforcement and applicable regulators; and
  • Clear preemption of the existing patchwork of often conflicting and contradictory state laws.

Eliminating the patchwork of state notification requirements would provide regulatory relief to credit unions. 

CUNA will continue to work with Congress to create a legislation strong data breach legislation that holds merchants accountable by creating strong data requirement for merchants. CUNA maintains the position that entities which accept payment cards must be subject to the same security requirements as those who issue cards, and this standard should be enforced exclusively by the Federal Trade Commission and state attorneys general.

CUNA wrote to Congress outlining these principles in July, and launched its latest Member Activation Program campaign, “Stop the Data Breaches” to activate credit union members to call on Congress for data breach legislation.