September 12, 2018
The Honorable Jeb Hensarling The Honorable Maxine Waters
Chair Ranking Member
House Financial Services Committee House Financial Services Committee
2129 Rayburn HOB 2221 Rayburn HOB
Washington, D.C. 20515 Washington, D.C. 20515
Dear Chairman Hensarling and Ranking Member Waters:
On behalf of the National Council of Insurance Legislators (NCOIL), I write in opposition to H.R. 6743, “The Consumer Information Notification Requirement Act” which seeks to establish a federal standard on data security and breach notification for the financial services and insurance industries and would therefore preempt existing relevant state laws.
As you may know, NCOIL is a national legislative organization with the nation’s 50 states as members, represented principally by legislators serving on their states’ insurance and financial institutions committees. NCOIL writes Model Laws in insurance and financial services, works to both preserve the State jurisdiction over insurance as established by the McCarran-Ferguson Act seventy years ago and to serve as an educational forum for public policy makers and interested parties. Founded in 1969, NCOIL works to assert the prerogative of legislators in making State policy when it comes to insurance and educate State legislators on current and longstanding insurance issues.
NCOIL takes the issue of data security and breach notification very seriously. In addition to holding several educational sessions on such topics for our member legislators and interested parties at our national meetings, in November 2017, following the events of the Equifax data breach, we adopted a Model Act Prohibiting Consumer Reporting Agencies from Charging Fees Related to Security Freezes, which prohibits a consumer reporting agency from imposing a fee on a consumer for placing a security freeze, removing a security freeze, temporarily lifting a security freeze, or reinstating a security freeze.
While we commend your Committee’s efforts to ensure there are appropriate safeguards established relating to data security and breach notification, NCOIL believes that states are best qualified to enact and enforce such laws. All fifty states have data security and breach notification laws in place, many of which can be argued have stronger standards than those proposed in H.R. 6743.
If enacted, H.R. 6743 will substantially change the data security and breach notification requirements for the insurance industry, a change that NCOIL believes comes from the wrong authority, and indeed violates the spirit of the McCarran-Ferguson doctrine. If changes to insurer data security and breach notification requirements were to be made, the proven, state-based system of insurance regulation dictates that state insurance legislators – those with a fundamental understanding of their states’ markets and consumers – are best equipped to respond rather than Congress. State insurance legislators continue to work hard to both develop and improve data security and breach notification laws. If enacted, H.R. 6743 would impede upon such efforts which would ultimately harm consumers.
Thank you and please do not hesitate to reach out if you wish to discuss this further.
With appreciation for your consideration, I am,
Very truly yours,
Thomas B. Considine
CEO
NCOIL
cc:
The Honorable Blaine Luetkemeyer
Chair
House Financial Services
Subcommittee on Financial Institutions and Consumer Credit
2230 Rayburn HOB
Washington, D.C. 20515
The Honorable William Lacy Clay
Ranking Member
House Financial Services
Subcommittee on Financial Institutions and Consumer Credit
2428 Rayburn HOB
Washington, D.C. 20515