
tv   Public Affairs Events  CSPAN  June 18, 2011 7:00pm-8:00pm EDT

7:00 pm
In a couple of weeks will be do-or-die over policy. These are the issues of the 2012 election. We are still getting a lot of attention on the Hill. I have seen a lot of congressmen. But they are consumed, I mean, almost overwhelmed with the magnitude of the problems. Yes, there will be communication stuff on the fringes, but I do not think that will be at the core of any of these things. >> I have some more questions, but I am being flagged that you have to go on to some other things. >> I am glad for what you do. >> Look for more interviews on the cable show in the coming weeks. You can find this and other programs at c-span.org --
7:01 pm
other programs at [unintelligible]. >> We will bring you more about Jon Huntsman and his remarks, live from Liberty State Park in New Jersey, here on C-SPAN, C-SPAN Radio, and c-span.org. >> C-SPAN has launched a new easy-to-navigate web page: bio information on the candidates, along with tweets and Facebook updates from reporters. Visit us at c-span.org/campaign2012. >> BlackBerry users, now you can access our programming anytime with the C-SPAN Radio app.
7:02 pm
You can also listen to our signature interview programs each week. It is all available around the clock, wherever you are. >> Companies that have consumer information breached by hackers can face penalties from the Federal Trade Commission. In a new bill, companies would be required to notify consumers and the FTC within 48 hours after the date of -- or face penalties. In this portion of the hearing, you hear from business leaders and a consumer advocacy group.
7:03 pm
>> Good afternoon, gentlemen. You will each be recognized for five minutes. To keep track of time, there is a time clock in front of you. Green, red, yellow, you know what they mean. At this time, we will recognize Mr. Goldman for five minutes. Please remember to turn on your microphone and bring it close to your mouth. >> Good afternoon. I am Jason Goldman with the world's largest organization. On behalf of the Chamber and its members, I thank you for the opportunity to testify here today.
7:04 pm
They use data to spur sales and job growth and to enhance productivity and efficiency. U.S. data usage is skyrocketing. In the internet economy, businesses depend more than ever on having beneficial relationships with their customers. And there's no question that protecting customer information should be a priority for all businesses. And customers deserve to be promptly notified if a security breach has put them at risk of identity theft or other harm.
7:05 pm
At the same time, the Chamber urges policymakers to ensure that any legislation does not hinder innovation and beneficial uses of data. The Chamber recently reviewed the SAFE Data Act. The United States and the national economy -- almost every state has a breach provision. Many differ from one another in material ways. This not only makes compliance difficult for businesses, but can also create confusion for customers who receive notices from many sources. The Chamber supports laws to create a uniform standard that will create regulatory certainty and minimize compliance costs for businesses who
7:06 pm
participate in multiple states. The Chamber worries that needlessly alarmed customers who are flooded by these notices may be lulled into inactivity. Therefore, the Chamber is pleased that the draft bill recognizes that notification should be based on harm, not just the mere fact that a data breach occurred. The Chamber agrees that notification of a breach is not necessary where the data is rendered unreadable or unusable by encryption, redaction, or access controls. The Chamber also recognizes the inclusion of a threshold number of individuals that would trigger notification to the FTC. In order to catch cyber crooks and
7:07 pm
criminals and to ensure the safety of our nation, the Chamber supports the draft bill including -- the Chamber recommends inclusion of language in the bill on notifying specific agencies that would trigger that exemption. On liability, the Chamber is concerned about the application of a daily fine to a security requirement. If an entity is found liable -- the Chamber appreciates the revisions that were discussed in
7:08 pm
the panel earlier. On enforcement, the Chamber is concerned about different regimes that will undermine the act. The draft bill should curtail the ability of state attorneys general to utilize private outside contingency attorneys to enforce this act or to litigate claims on behalf of other constituents. The Chamber also appreciates the provisions in the act that the FTC should implement in a neutral manner. Lastly, the Chamber appreciates the inclusion of a provision of the -- With that, thank you. I'm happy to answer any questions. >> The Software Alliance strongly supports the enactment of a national data security and
7:09 pm
data breach notification law. We believe that that is important to build trust and confidence in the digital economy. This is now the fourth Congress to consider data breach legislation. We're grateful for the opportunity that we have to work with the members of this committee to advance a bill. The time to act is now. The need is clear, as are the solutions. We endorse the key elements of the SAFE Data Act before us today. We support requiring organizations that hold sensitive personal information to implement reasonable security procedures, and the draft bill takes into account organization size, scope of activities, and the cost involved. We support creating incentives to adopt stronger security measures. The draft bill will promote the use of technologies such as encryption, which renders data
7:10 pm
unusable, unreadable, or indecipherable. We support an approach that avoids unnecessarily alarming or confusing consumers. And the draft bill accomplishes that by only requiring notification when there is any risk of identity theft, fraud, or unlawful activity. And we hear about new data breaches almost daily. One group has reported 530 million individual records breached. On many occasions, these records include information useful to identify individuals that is then exploited by thieves, such as Social Security, credit card, or driver's license numbers.
7:11 pm
They indicate that these breaches are causing consumers to question the security of online transactions, and that is especially troubling because we are in the middle of an exciting new wave of innovation with the emergence of cloud computing. It offers tremendous new opportunities for economic growth and efficiency. It allows businesses and organizations to reinvent their back-office operations. It will give users access to their data and services from any device, whether at home, at the office, or on the road. We cannot allow breaches to erode confidence in the cloud environment or the internet economy. For years, members have been working hard to protect consumers from cyber criminals.
7:12 pm
Members are developing cutting-edge security solutions to defend against the evolving and very real threats. We have also led the fight against the use of illegal software, not only because it drains revenues from American business, but because such software commonly includes some information. As this committee understands, Congress also has a responsibility. In the absence of a national law, states have enacted their own breach notification requirements. Unfortunately, this has resulted in inconsistencies that are unwieldy for businesses and
7:13 pm
confusing for consumers. We need a uniform national framework that better protects consumers and also, as this bill does, promotes effective security measures. I testified before this committee two years ago about the need for a national data breach law. Since then, another 250 million sensitive records have been breached. I commend you and your colleagues for drafting this bill. I urge Congress to pass a federal data breach law this year. We look forward to working with you and members of this committee to make this a reality. >> Thank you. >> Good afternoon. >> Is the microphone on? >> It is. I will move it closer. >> Thank you. >> Is the light on?
7:14 pm
I cannot necessarily tell, but the people in the back care that they can hear. >> We appreciate the opportunity to testify today. For more than a decade, we have been on record in supporting a unified bill where there is a significant risk of identity theft. We applaud the focus of this hearing and the proactive approach of the members. It is the right step to take. You have asked us to comment on the SAFE Data Act. First, we are encouraged by the essential structure of the bill. First, sensitive personal data must be secured. The draft proposal properly empowers the Federal Trade Commission to write regulations related to data security.
7:15 pm
CDIA members support this approach. Consumers must be notified when sensitive personal information about them has been lost or stolen. Our members support notification where there is a significant risk of harm for the consumer, which is the likelihood of becoming the victim of the crime of identity theft. The discussion draft establishes strong incentives for businesses to adopt strategies. These incentives are properly technology neutral and will spur innovation in the design of systems that will ultimately protect data about consumers. It includes a risk-based trigger for when a notice must be sent. It ensures that we receive timely notices rather than a dilution of notices. While the draft urges speedy notification of consumers, it
7:16 pm
acknowledges the need for law enforcement to engage with the private sector and to delay such notices in some cases. We're pleased that the draft proposal solves the problem of overlapping laws. Exempting persons who are subject to the data security requirements of Title V ensures that members, both large and small, are in the best position to successfully comply with the law and, most importantly, to be successful in securing sensitive information about consumers. And we encourage the committee to adopt something similar. Ensuring a truly uniform national standard for data breach notification is essential for the draft. We applaud the inclusion of section 6 as the committee continues to refine the draft.
7:17 pm
Regarding the content of notices, let me make a couple of points. First, we thank you for the inclusion of language in section 3(e) that makes it clear that the person who experienced the breach is the one who pays for the credit reports. For the sake of consumers, we request that the bill be amended to require those issuing breach notices to more than 5,000 individuals to notify consumer reporting agencies in advance so that our members can prepare to handle the spike in volume. All persons issuing notices should verify the accuracy of the contact information included. Our members have discovered that notices issued by others have had incorrect toll-free numbers, which is a disservice to consumers. In terms of definitions, we're glad that it is a sensible definition of personal information.
7:18 pm
Section 5(7)(B) excludes public records from the definition. Our members are concerned with 5(7)(C). Let me congratulate you on a very strong discussion draft that is unencumbered by ancillary issues. The committee is on the right track. We look forward to supporting its efforts. Thank you. >> Thank you. [no audio] [unintelligible]
7:19 pm
and their credit card information improperly accessed. If I can make an additional point for you this morning, these problems will get worse as we move more of our personal data from our laptops, our devices, and our desktop computers into the cloud, where they can be more easily accessed by others. You'll hear more and more about security breaches. You'll also learn that the attacks are becoming more sophisticated. Not only do we have to contend with phishing, we also have to deal with spear phishing. At the outset, my sense would be that, given the fact that the House last year passed a strong measure, the problems are
7:20 pm
getting worse and are likely to continue to do so. I would have started there and tried to figure out how to improve that bill. In that spirit, I wanted to commend you for incorporating the data minimization provision in the draft bill. I think this is an important safeguard that not only limits the risk at the outset by telling companies -- really think if you need to have Social Security numbers on health club members, for example. If you lose control of that information, you have created a risk. So you reduce the risk at the outset. One of the other things we have learned, based on the Citibank experience and the Sony experience, is that these companies are reluctant to notify their customers when they
7:21 pm
have a problem. That is why legislation is so important, for companies to tell customers that there is a problem and that you will need to act on this information. The fact that you have limited that time is very important. In my written testimony, I made additional suggestions. I will try to highlight the key points about questions raised by the members during the earlier part of this hearing. I noticed that Dr. Cassidy asked why we should have a public information requirement if that is already out there. Can we not put it in a separate category? I think the answer is obvious. There's a big difference between someone breaking into a database to get someone's home address and someone finding the home address in a publicly accessible file. The reason, of course, is that there is intent behind the break-in to go after the person whose home address has been obtained. The fact that it might be
7:22 pm
accessible somewhere else should hardly make people feel good about the fact that it can be characterized as public information. I would strike that exception, that somehow companies get a free pass for information that can be obtained somewhere else, and therefore they do not have to worry about people breaking in. I think the home address information makes the problem obvious. There is some discussion on how to define personal information. It is a difficult problem. It comes up in almost every privacy bill. Information that identifies or could identify a person includes, by way of illustration but not limited to, many of the provisions you have in your bill. So it is a Social Security number, a bank account number, a person's name, a home address. It could also be an IP address.
7:23 pm
A fixed internet address associated with a laptop or mobile device could be personally identifiable information. A Facebook user ID can also be personally identifiable information. That is exactly what contributed to one of the concerns about access to Facebook-based information. On this critical question of preemption, I understand that, while my colleagues would favor a national standard, I would urge you to look very closely at some of the strong state measures that would be effectively overwritten if a weak federal standard is established. Those bills are important. Even in a state like California, when they thought they had it right the first time around on financial data, they had to come back later and deal with medical breach notification as well. Thank you very much. >> Thank you.
7:24 pm
As a student of John Dingell, I will recognize myself for the first five minutes, with a yes or no required of each of you. Mr. Goldman, is the existence of so many state measures an impediment to notification? >> Yes. >> Yes. >> Yes. >> It should not be. >> Would a single federal standard lessen the risk of unnecessary notices sent every year? >> Yes. >> Yes. >> Yes. >> No. >> Do you think consumers can be desensitized to risk if they receive too many notifications?
7:25 pm
>> Yes. >> Yes. >> Yes. >> [unintelligible] >> Even erring on the side of caution? >> Yes. >> Yes. >> No. >> Do businesses ever err on the side of caution? >> Yes. >> Yes. >> I do not know. >> Repeat the question. >> Should companies keep sensitive information, such as credit card numbers or dates of birth, in perpetuity? >> It depends. No. >> No. >> No. >> No. >> Should each data breach trigger a notice to consumers? >> No.
7:26 pm
>> No. >> No. >> Yes. >> Should it otherwise be considered personal information? >> Yes. >> No. >> Yes. >> Should the FTC have the ability to modify PII? >> No. >> No. >> Yes. >> No. >> Should [unintelligible] companies also be subject to FTC enforcement under this draft? >> No. >> No. >> No. >> Yes. >> Shall entities be subject to rule #2 of this legislation? >> No.
7:27 pm
>> We have not taken a position on that. >> No. >> No. >> Do you believe that the collection and use of data is a data security issue? >> Yes. >> Yes. >> No. >> Yes. >> Do you think encrypted data that is breached should require notification? >> Yes, but no. >> No. >> Yes. >> Should attorneys general have the ability to enforce this law? >> Yes. >> No. >> No. >> Yes. >> Does your organization maintain personal information of the sort that would be covered by this bill? >> I do not know. >> Yes, for our employees. >> Yes. >> Yes. >> Do you agree with the proposal to allow the FTC to regulate in this area?
7:28 pm
>> Yes. >> Yes. >> Yes. >> [unintelligible] >> Do you believe political campaigns should be covered as well? >> No comment. >> It is being considered. >> No position. >> Yes. >> How do we prevent over-notification? >> We're extremely concerned about that, specifically depending on what kind of breach it is. It depends on a case-by-case
7:29 pm
basis. >> Thank you. >> You recommend that Congress define PII. Is it wise to lock into stone anything when it comes to technology? Could there be advances in technology that -- >> The industry that deals with that information is sensitive to it. We are comfortable with the structure that you have in place. We do think it encompasses the type of data that exposes consumers to a degree of risk. I think even some of the examples that he has given we would disagree with, but they are new and different risks that may have to be accounted for subsequently. But we believe that Congress should work out its definition and give businesses a stable marketplace in which to
7:30 pm
then compete. >> Thank you. >> Information brokers amass huge data profiles on millions of Americans, nearly all of whom do not do business with these brokers. They invest time and money to uncover personal details without knowledge or consent and sell this information to the highest bidder. It appears that American consumers have no free-market method of showing disapproval if they feel their personal information is being misused, or of correcting any inaccuracies in a profile. It is in situations like these where it becomes prudent to enact laws that empower consumers, giving them the tools they need to control their personal data. Do you believe, sir, that consumers should be able to
7:31 pm
access the information that brokers hold about them upon their request? >> Yes, I do. I do so for precisely the reason that you explained. There's no one-to-one relationship between the consumer and the information broker. They are a third party. That means that the consumer does not otherwise know what information they have. >> When a broker possesses information, who actually owns the data? >> The broker would claim they do. But what they do with the data has an enormous impact on the individual. It can determine employment, whether they get an apartment, a federal contract, a whole range of activity in the United States. >> Do you believe that consumers should be able to dispute inaccurate information that is held on them? >> Yes, I do.
7:32 pm
Congress figured out 40 years ago that the credit reporting agencies were holding financial reports on consumers that impacted their ability to get loans and start businesses. Information brokers are playing a similar role today. Individuals should have the right to dispute what is in the record. >> The data security bill approved by Congress, but that the Senate failed to pass -- in lieu of complying with these requirements, brokers were given an alternative procedure that they could follow, namely providing individuals with the option to completely opt out of having their personal information used for marketing purposes.
7:33 pm
In the absence of a federal law mandating simple opt-out procedures, brokers have generally not provided them. However, in a perverse turn, recently a company tried to fill the gap by telling consumers that, for $10, it would lock their records so that others could not see them or buy them. The FTC soon found this promise was entirely false. In March, the Commission reached a settlement where they agreed to refund all fees and to avoid all misrepresentations in the future. Do you believe it is currently too difficult for consumers to opt out of information brokers' databases? >> I do. I think this is an area where there need to be legislative safeguards. >> Can you discuss how difficult it is to remove one's information from a broker's database compared to those of
7:34 pm
retailers? >> The broker business model relies on the collection of detailed information about consumers without their knowledge. It is not the consumers providing information. And that information gains commercial value as it is shared with third parties. The consumer has no ability to interact to limit those transactions. So the simple answer to the question is that it is very difficult for consumers to play a meaningful role in what information brokers do with information about them. >> Let me yield to the chair. >> Thank you. I want to reiterate to the panel and the subcommittee that we're also looking at privacy and the degree to which we can separate the privacy debate from the data breach debate. This is helpful for us to understand that they are very different.
7:35 pm
>> My time has expired. I yield back. >> Thank you. >> The chair talked about this 48-hour breach notification. Mr. Goldman, you indicated that your preference is for a reasonable -- I think you indicated -- >> Correct. >> Are there other cases where we can move to 96 hours or 72 hours that you would be more comfortable with? Or is it in your mind that every company is different? One is a small company. One is a large company. The situation under which it occurs is different. To put a mandate of 48 hours as a
7:36 pm
time frame might not be applicable. You may want to explore that. >> Sure. I spoke with members who have experience in some of these breaches. It can take from one day to a few days to get to the bottom of it. That is why we are leery about putting a time frame on it. I do not think we generally supported H.R. 2221. >> Can you give me an example as to when a 48-hour time frame would be difficult to
7:37 pm
accomplish? >> From reading the press reports, in one of the cases that recently occurred, the company originally said that credit card data was compromised. It turned out that credit card data was not compromised. In the meantime, they notified and told customers that their credit cards were compromised, so they are now going through the inconvenience of cancelling the credit cards. It is even more so if you have monthly fees automatically charged to your card, because you have to contact those vendors. It gets very complicated. From the consumer point of view, one wants to make sure that, before we get to that hassle, we actually have to. >> When you say reasonable time period, that gives them the flexibility? >> I would think so. >> I understand that you think that 48 hours, based on what Mr. Goldman said -- is there the possibility where there are situations -- a
7:38 pm
possibility where there are situations that these people will start canceling their credit cards, and when they actually do the investigation, there is not a breach? >> If I may clarify, Congressman? I disagree with the characterization of your first witness. I know a fair amount about what happened with the Citigroup breach matter. There was credit card information disclosed. It was the account number information. It was not the security code and it was not the expiration date. And the conclusion was drawn that, therefore, the risk was somewhat less than they initially thought. But the risk was very real. >> But would you also agree with what Mr. Goldman says, that every company is different and sometimes, when they look at
7:39 pm
millions and tens of thousands, that it is possible that they cannot do it within 48 hours, but there may be a reasonable time period? >> I appreciate the difficulties. But there is a problem. I do not think we can diminish the problem -- >> I want to ask another question. >> Just to clarify, I was not referring to Citibank. >> Also, the bill also talks about defining personally identifiable information. I had some questions on that. Are any of you concerned about the definition of personally identifiable information, that companies can adequately understand that information so that they can conclude, when it comes to data
7:40 pm
minimization, what they should keep? Mr. Goldman, are you concerned about the FTC and how they interpret these terms, and what impact the legislation will have dealing with data minimization? >> Yes. We are concerned with the ability of the FTC to expand its definition of PII. We're comfortable with the definition as it is in the bill. We worry about inclusion of user names and internet protocol addresses. >> Thank you. >> Thank you. The chair now recognizes Mr. Rush for five minutes. >> You said in your testimony -- I will actually paraphrase -- that security breach notifications should be required in instances where
7:41 pm
there is reasonable risk of identity theft, fraud, or unlawful activity. But, as was pointed out, examples of fraud are likely to result from large-scale breaches. Should the scale of the breach be considered and require immediate notification? >> We believe that there should be a notification trigger when there is a significant risk.
7:42 pm
However, we think that the important provisions in this bill are ones that encourage industry to adopt security measures using encryption or other technologies that would render information indecipherable or unreadable. At the end of the day, that is the most important safeguard because, when it is effective, if that information is obtained but the criminal cannot do anything with that information, then we believe that you should not have to notify consumers, because it is excessive notification that is unnecessary. >> Do any others of you agree with that? >> We strongly agree -- this is
7:43 pm
true of your bill as well, Congressman -- the incentive to render the data unusable is probably the most critical provision of the current draft and of the bill that you had passed last year. It is one that we focus on as an industry every day. It is the one that we take most seriously. The strong incentive is not to have to notify people, but to protect the data in the first place by finding the best technology to do it when the data is at rest and when it is in transit. >> [unintelligible]
7:44 pm
>> The reason we are requesting notice -- and I am not saying that it has to occur concurrent with notification of law enforcement and the FTC. We have call centers. When a letter goes out and says to call the credit bureau and order a credit report, we have to make sure that we have the right staff. We have to have the right pipes open for the online access or the telephonic access, even the mail processing access. We understand what our normal pattern is. But a very large data breach creates aberrant patterns, which create spikes of activity. >> Do any of you have examples of the FTC's inability to enforce
7:45 pm
the law? OK. Can you please elaborate further on why you need this -- why you think this definition of personal information is too narrow? >> I think the definition that I propose follows with the examples included in the bill and is common sense. The IP address poses a risk because it could be personally identifiable. The list helps people understand. But if the list is limited, I think we have a problem.
7:46 pm
>> Thank you. >> Thank you. The chair recognizes Mr. Olson for five minutes. >> Thank you. I would like to welcome the witnesses. My first two questions are for you, Mr. Goldman. What is the Chamber's view about which entities are covered? >> Generally, we have supported carve-outs. >> OK. One witness stated that the FTC
7:47 pm
thought that a reasonable risk standard was the right thing because erring on the side of caution was necessary. >> The Chamber does support a significant risk standard. There are two possibilities: where customers are over-notified and they ignore it, and then, when a real risk occurs, they do not take any action; or they get a notice and react immediately and cancel their credit cards. We prefer to have a significant risk standard. >> I have other questions for specific witnesses. If one of your member companies suffered from a security breach,
7:48 pm
how would it better help consumers avoid identity theft? >> Many of the elements that are currently in the bill we actually tried to follow over the years. For example, data minimization is a very good way to protect people online. We have taken steps for a number of years to do that. We collect the information needed to provide the services, but we do not collect excessive information. >> Our members are regulated by the data breach statutes, the 48 statutes that are out there today. Establishing a federal standard, I think, would give us an easier route to compliance, but we would be notifying consumers just like we do today. Almost all of our members are financial institutions. We are already complying with a data security regime, which is
7:49 pm
called the Safeguards Rule. For most members, it would not be a remarkable change. Even where our members have data that is not regulated by GLB, we build data-wide security. >> I cannot speak for any individual member company. But all of our companies are involved in trying to build greater security into their products, and companies who bring tools to consumers and businesses to secure their environments. The concepts of this bill, we recognize that they are ones that we would be subject to, and our members, with that, are completely welcoming this legislation. We think it is important to act this year. >> With a uniform national standard, it would make it easier for our companies to
7:50 pm
comply rather than complying with 46 or 47 state rules. >> We may not be hitting the bull's-eye, but we're hitting the target. >> If the states were to require entities to conduct a risk assessment, how would this requirement impact your members' ability to resolve a security breach? >> I will take a pass. >> Today, those assessments would be dictated by the state laws out there, which dictate different standards. That is one reason why a national standard would be helpful.
7:51 pm
It is important to have this exception because data security in this bill is a good idea. But if our members, small or large, are regulated by the GLB Act, we would operate in tandem with what we have under GLB. That means we do not have overlapping requirements under two different standards. For small businesses, that is an important thing because they do not necessarily have a general counsel to rely on all the time. >> Because our members often provide technologies used to prevent breaches, we also have a lot of experience in helping to identify breaches when they occur. The nature of the breach may differ, and so may the amount of time to make the assessment. We support the provisions of the bill.
7:52 pm
>> we need to move on. we are one minute over. >> i yield back time i did not have. >> i appreciate that very much. we're happy to recognize mr. kinzinger for five minutes. >> as an air force guy, we hit the bull's-eye on the target every time. i think that is important to know. >> you do not want to go there, my friend. [laughter] >> i appreciate all four of you and helping us draft this important piece of legislation. some of this stuff has been touched on a little bit. in the current draft, if a company is unable to detect a breach over several months due to insufficient security techniques, it is not necessarily that they face
7:53 pm
bigger penalties. >> i think it is an excellent point. it would be a good change. >> we have not asked our members that question, but maybe we could follow up with you to give you an answer on that. i would say that the requirements that the ftc writes today are broad and are enforced. even the association that i run has stood up several major platforms where we had security systems. >> are those systems foolproof? >> nothing is foolproof. because of the cyber security
7:54 pm
issues, you have learned about them in other hearings, but they're moving targets and they're different targets. >> yes. >> when you look at these security requirements imposed on u.s. businesses, they are written flexibly enough to account for ongoing assessment of risk. that is one of the key components. we're comfortable with that. it is a business necessity that we protect the data we have, that we use the best technologies, that we look at new risks. our members participate in the information sharing and analysis center in order to see what kind of cyber security risks are out there. >> thank you. we support the framework of this bill. we need to get back to you about some of the specifics. we have to canvass our members. we do believe that this bill is important because it not only deals with the notification of breaches after the fact, but it
7:55 pm
puts in place obligations. when businesses do that up front, that will minimize the need for notification, which is an important addition to the concept of this bill. >> generally, our companies are concerned about reputational harm. they will take the best practices they can imagine. >> data security involves access control. access control would inherently require or implicitly requires some sort of intrusion detection system. otherwise, you are not controlling access. even though it is not strictly stated, it is still under access control. >> we talked about getting into the boy who cried wolf issue.
7:56 pm
this draft could give a company an exceedingly long time to notify customers in a breach of high severity. do you think that we should look into creating tiers of risk? if there is a high level of risk for the consumer, then notification should be treated as more significant? >> that would add a layer of complexity to an already serious problem. it is notable that, when we have these extreme breach problems, with citibank and sony and others, very sophisticated companies, and a large number of customers, more than a month later, we still do not fully know the extent of the harm. i would try to go for a simple standard. i think it is easier to manage. >> i would have to get back to you on that. >> we believe your issue can be best addressed by using the term
7:57 pm
"significant risk" in the bill. >> do you think it should more clearly define the size and scope of companies who should have these security measures? >> yes. when talking about -- it depends on the size of the breach. in terms of the company, yes. the focus will have much different abilities to respond than a larger-size business. >> thank you. >> i would like to express gratitude for your time here today. thank you for your willingness to engage with us on this very important discussion. there are a lot of great ideas and willingness to come together with a great bill. i want to reiterate again that we think we can accomplish that goal. i am hopeful for that. i would also like to say that i was hoping for a second round of questions. but time has gotten the better of
7:58 pm
us up here. and i will have further questions in writing to send to all of you. i would like to remind the members that they have 10 business days to submit questions for the record, and ask witnesses to please respond promptly to any questions they receive. there is the need for renewed safeguards to protect consumer information. it is a huge challenge, and i know we can get this done by working together. thank you for your time today. the subcommittee is adjourned. [captioning performed by national captioning institute] [captions copyright national cable satellite corp. 2011]
7:59 pm
>> tomorrow, the philadelphia mayor and oklahoma city mayor talk to reporters about the u.s. conference of mayors annual meeting in baltimore this weekend. some of the topics discussed include how federal spending decisions affect cities, job training programs, and infrastructure. that is live at 10:00 a.m. eastern here on c-span. >> tuesday, our road to the white house coverage continues with former u.s. ambassador to china jon huntsman. he is announcing his intention to run for president at liberty state park, new jersey. this is the same location where ronald reagan kicked off his presidential campaign in 1980. >>