Union Calendar No. 849
115th CONGRESS 2d Session |
[Report No. 115–1097]
To amend the Gramm-Leach-Bliley Act to provide a national standard for financial institution data security and breach notification on behalf of all consumers, and for other purposes.
September 7, 2018
Mr. Luetkemeyer introduced the following bill; which was referred to the Committee on Financial Services
December 21, 2018
Reported with an amendment, committed to the Committee of the Whole House on the State of the Union, and ordered to be printed
[Strike out all after the enacting clause and insert the part printed in italic]
[For text of introduced bill, see copy of bill as introduced on September 7, 2018]
To amend the Gramm-Leach-Bliley Act to provide a national standard for financial institution data security and breach notification on behalf of all consumers, and for other purposes.
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
This Act may be cited as the “Consumer Information Notification Requirement Act”.
SEC. 2. Breach notification standards.
Section 501 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801) is amended—
(1) in subsection (b)(3) by striking the period at the end and inserting “, including through the provision of a breach notice in the event of unauthorized access that is reasonably likely to result in identity theft, fraud, or economic loss.”; and
(2) by adding at the end the following:
“(c) Standards with respect to breach notification.—Subject to section 504(a)(2) and sections 505(b) and 505(c), within 6 months after the date of enactment of this subsection, each agency or authority required to establish standards described under subsection (b)(3) with respect to the provision of a breach notice shall ensure that such standards are in compliance with subsection (b).
“(d) Insurance.—
“(1) ENFORCEMENT.—Notwithstanding section 505(a)(6), with respect to an entity engaged in providing insurance, the standards under subsection (b) shall be enforced—
“(2) NOTIFICATION BY ASSUMING INSURER.—
“(3) SAFEGUARDS FOR INSURANCE CUSTOMERS.—In carrying out subsection (b) with respect to an entity engaged in providing insurance, a State insurance authority shall establish the standards for safeguarding customer information maintained by entities engaged in activities described in section 4(k)(4)(B) of the Bank Holding Company Act of 1956 (12 U.S.C. 1843(4)(k)(4)(B)) that are the same as the standards contained in the interagency guidelines issued by the Comptroller of the Currency, the Board of Governors of the Federal Reserve Board, the Federal Deposit Insurance Corporation, and the Office of Thrift Supervision titled ‘Interagency Guidelines Establishing Standards for Safeguarding Customer Information’, published February 1, 2001 (66 Fed. Reg. 8633), and such standards shall be applied as if the entity engaged in providing insurance was a bank to the extent appropriate and practicable.”.
SEC. 3. Preemption with respect to financial institution safeguards.
Section 507 of the Gramm-Leach-Bliley Act (15 U.S.C. 6807) is amended to read as follows:
“SEC. 507. Relation to State laws.
“(a) In general.—This subtitle preempts any law, rule, regulation, requirement, standard, or other provision having the force and effect of law of any State, or political subdivision of a State, with respect to a financial institution or affiliate thereof securing personal information from unauthorized access or acquisition, including notification of unauthorized access or acquisition of data.
“(b) Insurance.—Subsection (a) shall not prevent a State or political subdivision of a State from establishing the standards for entities engaged in providing insurance required by sections 501(c) and 501(d), provided the standards established by such State or political subdivision do not impose any requirement that is in addition to or different from those standards, except where necessary to effectuate the purposes of this subtitle.”.
Union Calendar No. 849 | |||||
| |||||
[Report No. 115–1097] | |||||
A BILL | |||||
To amend the Gramm-Leach-Bliley Act to provide a national standard for financial institution data
security and breach notification on behalf of all consumers, and for other
purposes. | |||||
December 21, 2018 | |||||
Reported with an amendment, committed to the Committee of the Whole House on the State of the
Union, and ordered to be printed |