WASHINGTON, D.C. – Today, Congressman Blaine Luetkemeyer (MO-03), Ranking Member on the Subcommittee on Consumer Protection & Financial Institutions introduced the Consumer Information Notification Requirement Act (CINRA) to reform data security requirements to bring enhanced clarity and security to our nation’s financial institutions.

“Financial institutions in Missouri and across America have been burdened with navigating the patchwork of state laws for data security and breach notification requirements. The waters are so murky that oftentimes, state laws are in direct contradiction of one another,” said Luetkemeyer. “This bill provides clear, uniform rules of the road for banks and credit unions, and it ensures that consumers in every state in the country are protected under the law.”

Background: The legislation would codify breach notification requirements for financial institutions in the Gramm Leach Bliley Act and establish preemption of state law for data security and breach notification requirements. This will provide one robust data security and breach notification standard for U.S. financial institutions. This legislation is similar to a bill that passed the Committee back in 2018 with unanimous Republican support.

For bill text, click HERE.

Industry Support:

“NAFCU applauds Congressman Luetkemeyer for his leadership on the introduction of the Consumer Information Notification Requirement Act, which would amend the Gramm-Leach-Bliley Act to require a notice of unauthorized access that is likely to result in identity theft, fraud or economic loss. For more than a decade, NAFCU has advocated for a federal legislative solution to create strong data security standards. Financial institutions remain committed to protecting the American consumers they serve from data security breaches and holding negligent entities accountable. This bill is a positive development in efforts to implement a comprehensive standard,” said NAFCU President and CEO Dan Berger.

“BPI thanks Congressman Luetkemeyer for introducing legislation addressing data security and supports congressional action to confront the important issues outlined in this bill,” said Ed Hill, Senior Vice President and Head of Government Affairs for the Bank Policy Institute.

“ICBA and the nation’s community banks support Rep. Luetkemeyer’s legislative effort to establish uniform consumer data breach notification standards that are equivalent to those already in place for financial institutions under the Gramm-Leach-Bliley Act. A national standard that preempts the current patchwork of inconsistent state and local data protection and notification standards is essential to addressing third-party breaches and protecting our nation’s consumers,” said ICBA President and CEO Rebeca Romero Rainey.

“We support this legislation to eliminate the patchwork of state data breach notification standards, ensuring consistent treatment to all affected by a data breach. Pre-empting conflicting—and often contradictory—state laws and requiring timely notice to those who are affected would greatly benefit consumers,” said Credit Union National Association President/CEO Jim Nussle.