At today’s Financial Services committee hearing on data security breaches, Ranking Member Maxine Waters (D-CA) cautioned lawmakers to ensure that any Congressional effort to set national enforcement and notification standards provide a strong federal minimum, ensure flexibility for states to build on those minimum standards and avoid hamstringing their ability to adapt and strengthen them as new technologies emerge.
Waters underscored the importance of this issue, and called for a bipartisan approach that deviates from the Republicans’ partisan attacks on the Consumer Financial Protection Bureau and the Export-Import Bank.
Waters full remarks are below.
“Thank you, Mr. Chairman.
Americans are increasingly reliant on electronic means to communicate, shop, and manage their finances. While new technologies bring substantial opportunity, they also bring a range of new vulnerabilities for consumers.
Massive attacks on some of our nation’s largest retailers and financial institutions are impacting virtually every sector of our economy – and our national security.
Consumers are not the only ones who pay the price of a breach. The cost of recovering losses by retailers and card issuers can be extensive, and weigh particularly heavily on small community banks and credit unions.
We all know companies face a number of challenges in determining how best to secure customers’ financial and personally identifiable information. In addition, we know that there are significant costs to complying with various state laws and providing notice after a breach. However, as we consider setting national standards for safeguarding consumers’ personal information and ensuring timely notification, we must again acknowledge the good work of those states that for years have been at the front lines of this fight. I believe that any federal preemption should complement states’ protections and ensure, at a minimum, that state attorneys general continue to play an important role in enforcement and notification standards.
In setting minimum standards, we need to be careful not to hamstring our states’ and federal regulators’ ability to continue adapting and strengthening protections for consumers. Otherwise we will limit regulators’ ability to keep up with technological change. And we must preserve a private right of action for consumers and for financial institutions—to ensure that affected entities and breach victims have legal recourse. Further, consumers must be consistently provided with clear disclosures of the rights and remedies available to them, so that they remain aware of the various ways in which they can protect themselves from identity theft and fraud and other cybercrimes.
Mr. Chairman, efforts to guard against cyber threats are critically important and shouldn’t devolve into the same partisan fault lines we have seen on far too many other issues before this Committee such as the baseless attacks on watchdogs like the CFPB and blocking efforts to reauthorize the charter of the Export-Import Bank – which expires in just 22 legislative days.
With that, I look forward to hearing from the witnesses today and I yield back. ”