Critics of the proposed bill have blasted it, claiming that it would preempt much stronger state laws already in place while allowing financial services companies too much leeway in deciding when to disclose a security breach.