Jan. 17, 2014 – Amid continuing data security concerns and the reintroduction of a bill expanding data breach notification requirements in the Senate, legislators are heading home for a district work period next week.NAFCU is urging its members to contact lawmakers to express concerns about data security and the burden placed on credit unions when retailers are not held responsible for breaches on their end.On Wednesday, NAFCU-backed legislation to expand data breach prevention and notification requirements for U.S. businesses was introduced by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo. The "Data Security Act of 2014," S. 1927, would set requirements for businesses to better implement, maintain and enforce policies to protect sensitive information.
S. 1927 would not impose new burdens on financial institutions, including credit unions, already subject to data protection standards under the Gramm-Leach-Bliley Act. NAFCU views such a carve-out for credit unions essential as the debate surrounding data security reform ramps up. NAFCU President and CEO Dan Berger praised the legislation, saying, “We thank Sens. Tom Carper and Roy Blunt for their leadership in introducing this important legislation that heeded our concerns about the lack of minimum data security measures among retailers. We look forward to working with lawmakers to advance S. 1927.”NAFCU was the first financial trade association to call for increased responsibility for retailers regarding data security breaches, following the Target revelation. Holding retailers responsible for data security breaches is a key point in NAFCU’s five-point plan for regulatory relief for credit unions.As additional information about the Target breach develops, and other breached retailers come forward, several congressional committees are considering taking action on this issue. Among these panels are House Oversight and Government Reform, House Financial Services, House Energy and Commerce, Senate Commerce, Senate Banking and Senate Judiciary. NAFCU has reached out to each in its efforts to win action that would hold merchants accountable for data breaches on their end.