On February 14, the House Financial Services Subcommittee on Financial Institutions and Consumer Credit held a hearing entitled “Examining the Current Data Security and Breach Notification Regulatory Regime” to discuss opportunities to reform data security regulations at the federal and state level in order to close gaps in the regulations and reduce vulnerabilities in the system. Subcommittee Chairman Blaine Luetkemeyer (R-Mo.) opened the hearing by stating that (1) technological advancements are paired with increasingly sophisticated threats to data security; and (2) data breaches seem to be increasing in number and severity. Luetkemeyer emphasized that the time has come to consider regulatory reform to address these complex issues.
The hearing’s five witnesses offered numerous insights related to the current issues with data security. Among the issues discussed included highlighting the significance of the global data threats the U.S. faces today and the cost they have on the public’s trust in technology. Several witnesses commented on the inconsistencies in state data breach laws and offered suggestions for future regulatory reform, such as federal legislation that (i) requires companies to maintain reasonable data security policies; (ii) implements prompt consumer notification requirements of suspected breaches; and (iii) contains a safe harbor for compliance with federal data security standards. The hearing also had significant discussion regarding whether a new federal law should preempt current state laws in their entirety. The discussion recognized the challenges of pursuing a preemption approach. On one hand, partial preemption would not solve the inconsistencies that exist today, but total preemption may override state laws that currently provide strong protections with a weaker national standard.