Newsroom

July 27, 2012 – The Senate is expected to begin debate early next week on cybersecurity legislation aimed at streamlining the way government and private companies address and prepare for threats.

The Senate voted Thursday to approve a motion to proceed on S. 3414, "The Cybersecurity Act of 2012," legislation that would require greater coordination among federal agencies in sharing information about cyber threats.

Among other things, the bill would establish an interagency National Cybersecurity Council to conduct risk assessments, call for the formation of a new cyber security-related public-private partnership and require the Office of Personnel Management to bolster the training and preparedness of the cyber security professionals in the federal workforce.

NAFCU has followed cyber-related legislation closely and urged Congress to include critical data security provisions in any final cyber legislation. These provisions include:

• requiring any entity that collects sensitive consumer information to adhere to national standards for data security;
  
• data security policy disclosure for any entity that collects sensitive consumer data, including disclosure after any breach or compromise;
  
• enforcement of prohibition on certain data retention practices;
  
• notification to account servicer in the event of a breach;
  
• burden of proof in data breach cases that require breached parties to demonstrate they adhered to national standards for covered data security;
  
• if standards are not met for protection, holding liable the entity best situated to prevent a breach;
  
• exempt any entity covered under the Gramm-Leach-Bliley Act from new data protection standards.