Newsroom

Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., introduced a NAFCU-backed data security bill today that would bring retailers under a national standard akin to that prescribed under the Gramm-Leach-Bliley Act for financial institutions.

The bill would also consider financial institutions already in compliance due to Gramm-Leach-Bliley – a treatment NAFCU has pushed for. The bill clarifies that financial regulators such as NCUA would maintain authority over financial institutions, while the Federal Trade Commission would have jurisdiction over those currently unregulated, such as retailers.

"NAFCU welcomes this legislation to tackle the data security issue from a financial institution perspective," said Brad Thaler, the association's vice president of legislative affairs. "We appreciate this bipartisan move by Senators Blunt and Carper to create a national standard of data protection for retailers. We urge the Senate to support this reform effort to make consumers safer and provide regulatory relief to financial institutions."

The bill would also protect consumers' and financial institutions' ability to sue retailers for actual financial damages for negligence in the wake of a data security breach and for punitive damages in the case of a willful violation of the bill's provisions.

Thaler said the association will continue its push to hold retailers liable for the cost of breaches that occur on their end.

Next week, NAFCU President and CEO Dan Berger will testify before the House Small Business Committee on the association's data security principles.

NAFCU has been pushing for the passage of a data security bill that would create a strong national standard of protection for retailers, recognize credit unions' compliance with the Gramm-Leach-Bliley Act and hold retailers accountable for breaches occurring on their end.