The Consumer Information Notification Requirement Act, is a response to the large data breach of personal information for 145.5 million consumers in 2017.

On September 7, 2018, U.S. House of Representatives Congressman, Mr. Blaine Luetkemeyer, introduced a bill, House Resolution 6743 which is also referred to as “Consumer Information Notification Requirement Act.”1 This bill was passed by the House Financial Services Committee on September 13, 2018 to be considered further by the full chamber.2 The  Consumer Information Notification Requirement Act amends the existing Section 501 of the Gramm-Leach-Bliley Act in order to establish a national standard on data breach notification.3

What this Means

House Resolution 6743 is not a law and therefore does not require any change to existing breach notification processes by any financial institution. The Consumer Information Notification Requirement Act aims to provide a national standard for financial institution data security and breach notification on behalf of all consumers, and for a series of other purposes.4

The draft legislation states that breach notification standards are to be established under the interpretive guidance of the following agencies: Comptroller of the Currency, the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision.5 Moreover, for insurers, the bill states insurers must  provide notification in the event of a data breach to the state it is domiciled in or principal place of business and follow breach notification standards set by the prescribed agencies from the legislation.6 Finally, the bill preempts any previous regulations or rules at the state or lower level and permits states to establish data breach notification standards as long as they do not overlap with standards in this piece of draft legislation.7

Key Observations and Take-aways

The Consumer Information Notification Requirement Act, is a response to the large data breach of personal information for 145.5 million consumers in 2017.8 Yet the draft legislation faces opposition from several organizations. The National Association of Insurance Commissioners (NAIC), voiced their dissent by stating “H.R. 6743 disregards the existing state insurance regulatory framework and would inhibit ongoing efforts in the states to adopt data security laws and regulations in the best interest of insurance consumers,” in a letter to legislators.9 Furthermore, the Conference of State Bank Supervisors (CSBS), a nationwide organization of banking regulators, told legislators in a letter that state regulators firmly oppose H.R. 6743 for its attempt to preempt state data breach and privacy laws.10

The House of Financial Services Committee has introduced at least 2 other pieces of legislation related to cybersecurity this year:  Cybersecurity Disclosure Act of 2018 and Data Acquisition & Technology Accountability & Security Act.11 None of these proposed legislations have been passed by Congress.

References

  1. “Consumer Information Notification Requirement Act,” United States House of Representatives, September 7, 2018. Access at: https://financialservices.house.gov/uploadedfiles/bills-115hr6743ih.pdf.
  2. “House panel adopts data security notification bill despite NAIC opposition,” Business Insurance, September 13, 2018. Access at: https://www.businessinsurance.com/article/20180913/NEWS06/912324003/House-panel-adopts-data-security-notification-bill-despite-NAIC-opposition.
  3. “Consumer Information Notification Requirement Act,” United States House of Representatives, September 7, 2018. Access at: https://financialservices.house.gov/uploadedfiles/bills-115hr6743ih.pdf.
  4. Ibid
  5. Ibid
  6. Ibid
  7. Ibid
  8. “Luetkemeyer Introduces the Consumer Information Notification Requirement Act,” U.S. Congressman, Blaine Luetkemeyer, Press release, September 7, 2018. Access at: https://luetkemeyer.house.gov/news/documentsingle.aspx?DocumentID=399113.
  9. “House panel adopts data security notification bill despite NAIC opposition,” Business Insurance, September 13, 2018. Access at: https://www.businessinsurance.com/article/20180913/NEWS06/912324003/House-panel-adopts-data-security-notification-bill-despite-NAIC-opposition.
  10. “CSBS Opposes H.R. 6743, the Consumer Information Notification Requirement Act”, Conference of State Bank Supervisors, September 12, 2018. Access at: https://www.csbs.org/csbs-opposes-hr-6743-consumer-information-notification-requirement-act.
  11. “H.R.6638 – Cybersecurity Disclosure Act of 2018,” U.S. House of Representatives, July 27, 2018. Access at: https://www.congress.gov/bill/115th-congress/house-bill/6638. “Data Acquisition and Technology Accountability and Security Act,” U.S. House of representatives, February 16, 2018. Access at: https://financialservices.house.gov/uploadedfiles/bills-115-datasa-pih.pdf.

Newsletter Author: Venetia Woo, Mairi Bryan, Tony Liu
Newsletter Contact Person:
Venetia Woo

Visit www.accenture.com/RegulatoryCompliance for latest insights on regulatory remediation and compliance transformation.

Disclaimer

This blog is intended for general informational purposes only, does not take into account the reader’s specific circumstances, may not reflect the most current developments, and is not intended to provide advice on specific circumstances. Accenture disclaims, to the fullest extent permitted by applicable law, all liability for the accuracy and completeness of the information in this blog and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professional.

About Accenture

Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 442,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Its home page is www.accenture.com

Copyright © 2018 Accenture. All rights reserved.

Accenture, its logo, and High Performance Delivered are trademarks of Accenture. This document is produced by Accenture as general information on the subject. It is not intended to provide advice on your specific circumstances.

If you require advice or further details on any matters referred to, please contact your Accenture representative.

Submit a Comment

Your email address will not be published. Required fields are marked *