In the hearing, SIA affirmed its strong commitment to working with members of the Committee on breach notification legislation in creating a national standard that will prevent consumer confusion and eliminate the potential for conflicting compliance regulations. Demonstrating its commitment to the issue of data breach notification, SIA presented six fundamental principles to be considered when drafting data breach legislation.

"We know how important it is for our customers to feel confident that their personal information is secure, so we devote enormous time and resources to ensuring we achieve that goal," said Ira Hammerman, Senior Vice President and General Counsel of SIA, in his prepared testimony. "We are concerned, however, that the expanding patchwork of state and local laws affecting data security and notice will make effective compliance very difficult for us and equally confusing for customers," he added.

In light of its concerns, SIA urged the Committee to consider six principles:

a clear national standard to achieve a uniform, consistent approach that meets consumer expectations;

trigger for consumer notice tied to significant risk of harm or injury that might result in identity theft;

a precise definition of sensitive personal information tied to the risk of identity theft;

exclusive functional regulator oversight and rulemaking authority;

flexible notification provisions; and

reasonable administrative compliance obligations.

Throughout the testimony, SIA made clear that any legislation addressing the security of data should provide functional regulators, such as the SEC for the broker-dealer industry, with the exclusive authority to develop appropriate regulations and that these functional regulators are "best suited" to monitor how industry conforms to statutory requirements.