Welcome to Consumer Reports Advocacy

For 85 years CR has worked for laws and policies that put consumers first. Learn more about CR’s work with policymakers, companies, and consumers to help build a fair and just marketplace at TrustCR.org

Letter to Congress Re: the Financial Services Data “Security” Bill

Today, we enjoy a de facto national standard in which companies notify individuals nationally based on the strongest state laws when their personal information has been lost or stolen. H.R. 3997 overturns existing state notice of breach laws and weakens this de facto national standard. It requires individual notification only after the company experiencing the breach decides that the breach is “reasonably likely” to result in actual ID theft or account fraud. We call this a “don’t know, don’t tell” policy because if a company doesn’t know whether consumers will be victimized, it does not have to notify them.