Sept. 13, 2018


NASCUS strongly opposes HR 6743 because the bill’s state preemption would interfere with a state’s ability to determine the best mechanism for providing data security protections to its citizens and the bill fails to subject non-financial entities to adequate data breach standards.

ARLINGTON, Va. – In a letter to the House Financial Services Committee, NASCUS stated its opposition to legislation that would preempt state regulations regarding data breach notifications and fail to subject non-financial entities (such as retail establishments and consumer reporting agencies) to the same data breach standards as financial entities. 

H.R. 6743 would disregard state law and prevent a state from determining the best mechanism for providing data security protections to its citizens. NASCUS President and CEO Lucy Ito writes that, “where a state has an existing data security and breach notification apparatus in place that provides for more stringent protections-- deference should be given to the state law.” 

The vast majority of companies responsible for data breaches are not financial institutions, yet the legislation fails to subject these companies to the same rigorous requirements as financial service providers.  Ito asserts that “any ‘national standard’ would need to incorporate data security compromises that occur within non-financial entities, as well as establish breach notification requirements for those companies.”

NASCUS letter in opposition to H.R. 6743

Information Contact:
Shelton Roulhac, Vice President, Communications,  or (703) 528-5974

The National Association of State Credit Union Supervisors (NASCUS) is the primary resource and voice of the state governmental agencies that charter, regulate and examine the nation’s state-chartered credit unions. NASCUS membership is made up of state-chartered credit unions, state regulators and other supporters of the state credit union system. NASCUS is the only organization dedicated to the defense and promotion of the state credit union charter and the autonomy of state credit union regulatory agencies.