In the wake of the Equifax data breach, Congress is focused on data security issues. The House Financial Services Committee is set to take up the topic in a hearing next week entitled “Examining the Current Data Security and Breach Notification Regulatory Regime.” The hearing is expected to lay the ground work for legislation that is being drafted by Rep. Blaine Luetkemeyer (R-MO).
NMHC/NAA have been in close contact with Rep. Luetkemeyer and other key allies to share insights into how the industry uses consumer data and how we protect it. While details of the proposal have yet to be released, NMHC/NAA have advocated that it includes:
- A clear Federal preemption of the existing patchwork of often conflicting and contradictory state data security, privacy and breach notification laws.
- A reasonable, flexible and scalable national standard for data protection. Specifically, when establishing compliance obligations, this standard must consider the needs and available resources of small businesses as well as large firms and the sensitivity of the data in question.
- A clear assignment of financial and legal liability to the entity that actually suffered the breach, particularly in the case of third-party breaches.
- A requirement that third-party service providers must notify their customers of any breach and allow them to notify the consumer of the breach if they so choose.
The House Energy & Commerce Committee also shares jurisdiction on this issue and is expected to weigh in with their own proposal in the near future. Agreement must be reached between the two Committees before the full House is able to advance any measure.
NMHC/NAA will continue to work with Congress to create a federal data standard that recognizes the unique nature and needs of the rental housing industry while ensuring the data that our members collect, use and maintain is secure.
More on data security can be found here.
- NMHC NAA Comments to FCC on Digital Discrimination
- NMHC NAA House Financial Services Data Privacy Letter
- NMHC NAA House Energy and Commerce Data Privacy Letter
- ‘We Need a Federal Standard’ – NMHC Reiterates Plea for Data Privacy Standard as FTC Explores New Rule
- FTC Commercial Surveillance and Data Security Comment Letter