Rep. Luetkemeyer Drafting Financial Sector Data Breach Bill (1)

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Sara Merken

Rep. Blaine Luetkemeyer is drafting legislation that could boost financial companies’ obligations to report data breaches, a spokesperson confirmed to Bloomberg Law.

Leutkemeyer (R-Mo.), the chairman of the House Financial Services Financial Institutions and Consumer Credit Subcommittee, is writing the bill amid heightened awareness of cybersecurity threats to the financial sector.

Equifax Inc. was heavily criticized in 2017 for its responses to a hack that exposed millions of Americans’ personal information.

Leutkemeyer’s effort was reported earlier by Inside Cybersecurity.

Codifying Existing Guidance

The bill would apply to financial institutions covered under the Gramm–Leach–Bliley Act, which governs how those entities deal with the private information of individuals, a senior Republican House aide told Bloomberg Law. The bill would preempt state jurisdiction over those covered entities, the aide said.

The bill, which is not yet finalized, would codify existing guidance from the Federal Financial Institutions Examination Council, a group of banking regulators spanning several agencies.

The hope is to have final legislative language completed “very soon,” the aide said.

Earlier this year, Luetkemeyer and Rep. Carolyn Maloney (D-N.Y.) floated a broader data breach and security draft bill that would establish a federal standard for how some companies notify consumers after a data breach. That draft drew strong criticism from consumer advocates because it would have exempted financial institutions that adhere to Gramm–Leach–Bliley.

The House aide said that bill is still being discussed, as part of a more comprehensive approach to data security.

Request Bloomberg Law: Privacy & Data Security