Newsroom

NAFCU Vice President of Legislative Affairs Brad Thaler reiterated the importance of addressing cybersecurity measures with a national data security standard for retailers in a letter sent in advance of a hearing today by the House Committee on Homeland Security on the president's cybersecurity information sharing proposal.

"In addition to addressing cybersecurity needs, NAFCU is hopeful that Congress will also soon take legislative action to address ongoing data security breaches at our nation's retailers," Thaler wrote Tuesday to Committee Chairman Michael McCaul, R-Texas, and Ranking Member Bennie Thompson, D-Miss.

Thaler said retailers and other entities that handle consumers' sensitive personal financial data are not subject to the same standards of financial institutions under the Gramm-Leach-Bliley Act. When a data breach at a retailer occurs, "credit unions suffer steep losses in re-establishing member safety," he wrote.

In the letter, Thaler urged that:

• breached entities be held accountable for costs resulting from their negligence;
• consumers be notified of breaches and made aware of retailers' data security policies;
• account servicers be notified; and
• retailers be held to account for violating prohibitions on data retention.

President Barack Obama highlighted the White House cybersecurity legislative proposal, which includes mandates for businesses to notify consumers of breaches, during a cybersecurity submit held earlier this month and attended by NAFCU President and CEO Dan Berger.

NAFCU is a member of the Payments Security Task Force, a diverse group of participants in the payments industry that is focused on EMV chip implementation and is driving a discussion on payments system security. It is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work on infrastructure cybersecurity.