Newsroom

While sharing the credit union perspective during a data security hearing Wednesday before the House Small Business Committee, NAFCU President and CEO Dan Berger explained that any data security bill needs three components to be successful: information sharing, timely notification and a national standard for retailers and merchants.

A national data security standard for retailers and merchants would "level the playing field" and ensure all parties are held accountable, Berger told committee Chairman Steve Chabot, R-Ohio. Berger reiterated that credit unions and other financial institutions are already held to strict data security standards under the Gramm-Leach-Bliley Act.

Berger was responding to a question from Chabot, who asked panelists their thoughts on an information-sharing bill, H.R. 1731, introduced by House Homeland Security Committee Chairman Michael McCaul, R-Texas. The House is expected to vote on the bill today; Berger noted NAFCU's support during Wednesday's hearing but said more is needed for effective protection of data.

NAFCU's Berger testifying before the House Small Business Committee on Wednesday. (Dietsch photo)

In Q&A, Rep. Brenda Lawrence, D-Mich., asked Berger about the cost of retailer data breaches to credit unions. Berger said the Home Depot data breach alone cost credit unions about $30 million and added that credit unions rarely get reimbursed. And while EMV (and other technology) is great, it's not a "panacea" and would not have prevented the Home Depot or Target data breaches, he added.

Berger testified Wednesday alongside representatives from Intel Corporation, the National Small Business Association and the National Cybersecurity Institute.

The hearing was covered today by The Washington Post.