Hunt reiterates call to combine data security, cybersecurity

February 03, 2015

Hunt reiterates call to combine data security, cybersecurity

NAFCU Senior Vice President of Government Affairs and General Counsel Carrie Hunt reiterated the importance of coupling cybersecurity measures with a national data security standard for retailers in a letter sent in advance of a hearing today by the Senate Commerce, Science, and Transportation Committee.

"In addition to addressing cybersecurity needs, NAFCU is hopeful that Congress will soon take legislative action to address ongoing data security breaches at our nation's retailers," Hunt wrote in a letter to committee Chairman John Thune, R-S.D., and Ranking Member Bill Nelson, D-Fla. "Data security is an important part of the cybersecurity discussion and every time a consumer uses a plastic card for payment at a register or makes online payments from their accounts, they unwittingly put themselves at risk."

Last week, Hunt lodged similar recommendations in a letter to Senate Homeland Security Committee leaders. She is urging that:

breached entities be held accountable for costs resulting from their negligence;
consumers be notified of breaches and made aware of retailers' data security policies;
account servicers be notified; and
retailers be held to account for violating prohibitions on data retention.

Today's hearing, "Building a More Secure Cyber Future: Examining Private Sector Experience with the NIST Framework," is set for 10 a.m. Eastern. In her letter, Hunt said the National Institute of Standards and Technology's initiative and framework are a good step, but are tailored to larger institutions. She said smaller institutions, such as credit unions, need guidance that is specific to their size and resources.

NAFCU is a member of the Payments Security Task Force, a diverse group of participants in the payments industry that is focused on EMV chip implementation and is driving a discussion on payments system security. NAFCU is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work on infrastructure cybersecurity.

Newsroom