Newsroom

Jan. 16, 2014 – A NAFCU-backed bill to expand breach notification requirements of U.S. businesses was introduced by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., on Wednesday.

The bill – "The Data Security Act of 2014," S. 1927 – would increase requirements for businesses without burdening financial institutions – such as credit unions – already subject to data protection measures under the Gramm-Leach-Bliley Act.

NAFCU President and CEO Dan Berger praised the legislation, saying, "We thank Sens. Tom Carper and Roy Blunt for their leadership in introducing this important legislation that heeded our concerns about the lack of minimum data security measures among retailers. We look forward to working with lawmakers to advance S. 1927."

Like similar legislation the senators proposed in 2012, the new bill is expected to provide a GLB Act carve-out – a measure that NAFCU deems essential in any new data security package. Breached entities would be responsible for investigating the scope of the breach and reporting the findings to appropriate agencies.

This and related efforts are picking up in the wake of the Target Corporation data breach. Target has now said its breach potentially affects up to 110 million consumers.

Numerous congressional committees are looking at this issue and considering action. Among these panels are House Oversight, House Financial Services, House Energy and Commerce, Senate Commerce, Senate Banking and Senate Judiciary. NAFCU has reached out to each in its efforts to win action that would make merchants accountable for breaches on their end.