NAFCU urges national data security standards
April 2, 2014 – NAFCU Vice President of Legislative Affairs Brad Thaler wrote the leaders of the Senate Homeland Security and Governmental Affairs Committee in advance of today’s hearing on data security, to urge the adoption of national data security standards for retailers.
Thaler cited NAFCU’s estimate that the massive Target Corporation data breach will cost credit unions almost $30 million, and noted that smaller, less notorious breaches since, taken together, have affected as many customers again.
“Financial institutions, including credit unions, have been subject to standards on data security since the passage of the Gramm-Leach-Bliley Act,” Thaler wrote. “However, retailers and many other entities that handle sensitive personal financial data are not subject to these same standards, and they become victims of data breaches and data theft all too often. While these entities still get paid, financial institutions bear a significant burden as the issuers of payment cards used by millions of consumers.”
In particular, Thaler praised legislation from committee Chairman Thomas Carper, D-Del., and Sen. Roy Blunt, R-Mo. – the “Data Security Act of 2014” – which would make progress in establishing a federal standard for protecting data, and exempt financial institutions already subject to the “Gramm-Leach-Bliley Act.” NAFCU will continue to work with lawmakers to ensure federal data security standards don’t result in additional regulatory burden on credit unions.
NAFCU will also monitor the House Financial Services hearing on alleged discrimination at the CFPB today, and the scheduled mark-up of the “Patent Transparency and Improvements Act of 2013,” S. 1720, by the Senate Judiciary Committee tomorrow. NAFCU has been working in support of patent reform legislation, including House-passed H.R. 3309, the “Innovation Act,” introduced by House Judiciary Committee Chairman Bob Goodlatte, R-Va., and two separate bills from Sens. Charles Schumer, D-N.Y., and Orrin Hatch, R-Utah, that would help discourage patent trolls from filing frivolous lawsuits.
NAFCU on data security