Newsroom

The cyber security bill being debated in the Senate would be improved if it included a NAFCU-backed amendment requiring non-financial institutions to have the same type of data safeguard protections that credit unions have under the Gramm-Leach-Bliley Act, NAFCU President and CEO Fred Becker told Senate leaders Tuesday.

In a July 31 letter, Becker pointed out that the risk of a data breach continues to be a serious problem for both consumers and businesses. "Consumers trust that entities collecting their financial and personal information will, at the very least, make a minimal effort to protect them from such risks," he said. "Unfortunately, this is not always the case."

While credit unions and other financial institutions continue to be subject to data security standards under Gramm-Leach-Bliley, no corresponding requirements exist for retailers and many other entities, he noted. Unfortunately, Becker said, "all too often their customers become victims of data breaches and data theft due to their lack of security."

Attaching the Carper-Blunt amendment to S. 3414, the Cyber Security Act of 2012, would address this. Modeled after Gramm-Leach-Bliley, the amendment, which was introduced by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., would expand breach notification requirements to all U.S. businesses.If approved, any entity that experiences a security breach and compromise of sensitive data would be responsible for investigating the scope of the breach and reporting the findings to the appropriate agencies, Becker said.

The NAFCU chief also noted there are "critical homeland security considerations at stake" when it comes to data safety issues. "Weaknesses in the protection of consumer financial information can and have helped terrorist networks and organized crime groups fund their operations," he said.

In addition, credit unions "bear a significant burden" as the issuers of payment cards used by millions of consumers. "Credit unions suffer steep losses in re-establishing member safety after a data breach occurs," he noted. "They are often forced to charge off fraud related losses, many of which stem from a negligent entity's failure to protect sensitive financial and personal information or the illegal maintenance of such information in their systems."

With that in mind, Becker called the enactment of the Carper-Blunt amendment "critical" and said NAFCU is looking forward to working with the Senate on the issue of data security.