Sept. 17 — Payment industry executives pressed for action on a national breach notification standard in closed-door meetings with key House and Senate members Sept. 17 as the legislation's prospects in Congress remain uncertain this year.
A single standard for informing consumers about hacks would be easier to follow than the cacophony of laws in 47 states they now face, iPayment, Inc. President Greg Cohen told Bloomberg BNA, before payment executives were due to meet with lawmakers in both chambers.
“No matter what we do as an industry on data protection, breaches occasionally happen,” said Cohen, president-elect of the Electronic Transactions Association, which organized the lobbying effort. “One of the challenges we have in working with a merchant after a breach, is that with 47 state laws, it’s especially challenging figuring out what’s required to be done,” he said.
The payment executives also pushed lawmakers to pass the Cybersecurity Information Sharing Act (S.754), which encourages companies to share information with each other and the government on cyberattacks by shielding them from lawsuits stemming from the disclosure. Responding to critics' concerns that private information could end up being held by the government, Cohen said there is a greater risk of private information ending up in unwanted hands of hackers, which the CISA is intended to prevent. The U.S. Chamber of Commerce, the United States Telecom Association and other industry groups have also been pushing for CISA's passage, but it's uncertain whether it would come to a vote.
“Combatting cyber-theft is a relentless battle,” Jonathan Genovese, director of regulatory compliance and government affairs at the payment processor Vantiv, said in a Sept. 17 e-mail to Bloomberg BNA. “Without the appropriate framework for private enterprise, government cooperation, it's like fighting with one arm tied behind your back.”
House and Senate pre-emption bills on security and notification have drawn the opposition of consumer groups and state attorneys general, who argue the requirements for protecting data and notifying customers would be weakened in states with particularly tough regulations. Financial services lobbyists have expressed doubts that Congress will find room on its packed agenda to consider the bills this year.
But H.R. 2205 sponsor, Rep. Randy Neugebauer (R-Texas), told Bloomberg BNA after a National Association of Federal Credit Unions event Sept. 17 that Congress will have time to take up the issue after dealing with the federal budget and a controversial highways bill. “There’s still a lot of time left in the 114th Congress,” he said. Neugebauer, chairman of the House Financial Services Subcommittee on Financial Institutions and Consumer Credit, said in a statement Sept. 17 that he will not be seeking re-election in 2016.
Neugebauer said at the event that a single standard on data security was needed to “secure every part of the payment chain” because hackers would exploit any weak link.
Banking and other groups have complained that its unfair retailers and other industries do not have the similar anti-breach regulations as do financial institutions under the Gramm-Leach-Bliley Act.
Neugebauer told Bloomberg BNA the array of state notification laws, involving requirements on how soon and what information needs to be given to consumers, are too unwieldy for companies to follow and should be replaced with a single national standard.
The companies “have been managing to deal with disparate state laws in this regard for years,” Susan Grant, the Consumer Federation of America’s consumer protection and privacy director and an opponent of the preemption bills, said in a Sept. 17 e-mail.
The current notification system “is a complex patchwork of various state laws with varying and sometimes conflicting requirements,” Genovese said. “A federal standard will bring certainty and consistency to the process so that businesses clearly understand their obligations and consumers have a better understanding of what they can expect.”
Cohen said the varying notification requirements are so cumbersome that companies need to hire consultants to understand the different requirements. Errors are still made, he said.
“You could send a letter with information the state of Kentucky requires to someone in Virginia. Or you could send a letter based on the time Maryland gives you, when the state where you’re sending the letter gives you 10 days shorter,” he said.
To contact the reporter on this story: Kery Murakami in Washington at email@example.com
To contact the editor responsible for this story: Seth Stern at firstname.lastname@example.org
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)