US financial industry will standardize breach notification requirements

The House Financial Services Committee has approved a bill that would standardize data breach notification requirements across the financial industry.

The bill, which amends the GLBA (Gramm-Leach-Bliley Act), had been criticized for pre-empting state breach notification laws and so taking power away from state regulators. Its advocates countered that a single, uniform notification requirement was essential for institutions operating across many states. The committee agreed, voting 32–20 in favour of the proposal.

The bill is titled the Consumer Information Notification Requirement Act.

‘Flexible and scalable bill’

The bill should prove popular among financial institutions. A collective comprising the American Bankers Association, Consumer Bankers Association, Credit Union National Association, Independent Community Bankers of America, and National Association of Federally-Insured Credit Unions supported it in a letter to the committee.

Writing on behalf of its members, the group urged the committee to vote in favour of the “flexible, scalable data protection standard.”

It added: “Our existing payments system serves hundreds of millions of consumers, retailers, financial institutions and the economy well. Protecting this system is a shared responsibility of all parties involved and we must work together and invest the necessary resources to combat never-ending threats to the payments system.”

The group’s words reflect a growing trend in data protection law: requirements are becoming more thorough and broader in scope, so that every organization works to the same baseline rather than navigating a patchwork of overlapping and inconsistent rules.

You will probably have seen similar arguments in favour of the EU GDPR (General Data Protection Regulation), which came into effect on May 25, 2018. The EU previously relied on the Data Protection Directive, which each member state transposed into its own national law, with variations to suit local preferences. That left significant problems when personal data was transferred between member states, and the EU eventually decided to replace the Directive with a regulation that applies directly and uniformly in every member state.

The benefit, beyond standardizing data protection requirements, is that the Regulation codifies a set of processes as the expected baseline. Breach notification is a case in point: the GDPR sets a single rule (notify the supervisory authority within 72 hours of becoming aware of a breach, where feasible) instead of leaving each state to choose its own deadline and trigger. Because the law is the same everywhere it applies, there should be far less confusion about what needs to be done.

Watch our GDPR webinar

This won’t be the last time you hear data protection laws being compared to the GDPR. The Regulation has become a global reference point for data protection legislation, and its influence will be seen in laws proposed around the world. Therefore, whether or not the GDPR applies to you, you should be aware of how it works and consider adopting its requirements.

You can learn more about the Regulation by watching our free webinar: GDPR compliance and information security: reducing data breach risk.

It takes place on Tuesday, October 23, 2018, at 1:00 pm (EDT). If you can’t make the presentation, it will be available to download from our website, where you can also view our past webinars and register for future events.

Here are some other upcoming webinars that you might be interested in:

  • November 12, 2018 – Practical advice on how to improve your overall information security in line with the GDPR’s requirements.
  • November 20, 2018 – Compliance solutions: How can penetration testing support your GDPR project?
  • December 11, 2018 – ISO 27001 and GDPR: How can law firms tackle information security in conjunction with data protection laws?