Dear Chairwoman Waters and Ranking Member McHenry:
The U.S. Chamber of Commerce writes to oppose the following bills that the Committee is expected to consider on December 10.
Amendment in the Nature of a Substitute to H.R. 1731, Cybersecurity Disclosure Act of 2019 (Rep. Jim Himes)
Cybersecurity is a critical issue for both businesses and governments. While the Chamber is supportive of efforts to combat cybersecurity threats, we have concerns that the legislation’s “comply or explain” model, that would require companies to disclose whether they have a board member with cybersecurity experience or explain the rationale for not having one, conflates the responsibilities of a board of directors with that of management. Further, we believe existing SEC regulations and market practices already provide the disclosure that the Cybersecurity Disclosure Act seeks to address.
In 2018, the SEC issued Commission-level guidance that clearly lays out the disclosure expectations for public companies on cybersecurity, notably that material cybersecurity risks must be disclosed to investors. The guidance also encourages public companies to adopt comprehensive cybersecurity policies and to assess their compliance regularly, including the sufficiency of their cybersecurity disclosure controls and procedures. To the extent cybersecurity risks are material to a company’s business, the guidance states that disclosures should include the nature of the board’s role in overseeing the management of that risk.
We look forward to working with Representative Himes and the Committee to resolve our concerns as the Cybersecurity Disclosure Act advances through the legislative process.
Amendment in the Nature of a Substitute to H.R. ____, Protecting your Credit Score Act of 2019 (Rep. Josh Gottheimer)
The Fair Credit Reporting Act (FCRA) requires each consumer reporting agency (CRA) to achieve maximum possible accuracy in compiling a consumer report. Every CRA also has a legal obligation to safeguard the personal information that they hold. This legislation would require companies to jointly establish an online consumer portal with its own authentication and security, without a specific owner. This portal would create significant cybersecurity vulnerabilities for consumers and companies—making it impossible for CRAs to meet existing obligations.
Further, the authentication of the portal could potentially expose credit reports to abusive credit repair. If the authentication is tuned too high, then real consumers would be rejected from the website. If authentication is too loose, then it could be abused.
The Chamber supports efforts to streamline access to credit data for consumers; however, it must be done in a responsible way that does not prevent access to credit. While we appreciate the extensive efforts of Rep. Gottheimer to resolve our concerns, the Chamber remains opposed.
Neil L. Bradley
cc: Members of the Committee on Financial Services