March 22, 2013 – A NAFCU-penned letter outlining the association's core principles regarding data security was officially entered into the record of Thursday’s House subcommittee hearing addressing cyber-attacks on small businesses.
The hearing, held by the House Small Business Subcommittee on Health and Technology, focused on the rising wave of these attacks, steps being taken to address them and measures that should be included in a legislative solution. On the latter issue, Subcommittee Chairman Chris Collins, R-N.Y., said the panel wants to “identify the correct balance” between imposing new regulations for small businesses and protecting the nation’s digital infrastructure.
Prior to the hearing, NAFCU Vice President of Legislative Affairs Brad Thaler wrote to the subcommittee with recommendations for strengthening data security. One of the key themes in Thaler’s letter – the need for national standards for safekeeping of all financial information – was raised at the hearing.
One witness, Dan Shapero, founder of ClikCloud, a California-based, small-business technology company, said the state-by-state patchwork approach to data security has created problems for companies like his. He urged the panel to pass national standards.
Another witness, William Weber, senior vice president and general counsel for the Atlanta, Ga.-based Cbeyond, pressed the subcommittee about the need to educate small businesses about cyber threats such as distributed denial of service attacks. He emphasized the importance of communicating to these companies that they must have the appropriate defenses in place.
Data security reform is one of the priorities outlined in NAFCU's five-point plan for broad-based credit union regulatory relief. NAFCU is seeking legislation that would, among other things, hold merchants accountable for the costs of data breaches; require merchants to disclose their data security policies to customers; and require timely disclosures in the event of a breach.