H.R. 2205, the Data Security Act of 2015, is currently under consideration in the House Financial Services Committee. CFA is pleased that many members in the House are committed to improving data security and breach notification protections, particularly given the significantly harmful impact that data breaches can have on American consumers. Unfortunately, this bill would weaken consumer protections in a number of ways, and eliminate protections altogether for some categories of personal information. It also does not improve the level of protection for consumers, as most states already require notification in the event of a data breach, and federal and state consumer protection law already requires reasonable data security practices. On balance, H.R. 2205 would do consumers far more harm than good, and CFA therefore urges lawmakers to oppose it.