Newsroom

NAFCU Senior Vice President of Government Affairs and General Counsel Carrie Hunt wrote the leaders of the Senate Homeland Security Committee in advance of today's hearing on cybersecurity to reiterate NAFCU's belief that better cybersecurity should be coupled with a national data security standard.

"Data security is an important part of the cybersecurity discussion," Hunt wrote in a letter to Chairman Ron Johnson, R-Wis., and Ranking Member Thomas Carper, D-Del. "Traditionally, consumers have trusted that entities collecting this type of information will, at the very least, make a minimal effort to protect them from such risks. Unfortunately, in the wake of several headline-grabbing retailer breaches in recent months, this does not seem to be the case today."

Last week, Hunt urged the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade to act on data security. Writing in advance of a hearing Tuesday on the issue, she said legislation must ensure that:

• breached entities be held accountable for costs resulting from their negligence;
• consumers be notified of breaches and made aware of retailers' data security policies;
• account servicers be notified; and
• retailers be held to account for violating prohibitions on data retention.

During Tuesday's hearing, lawmakers discussed the urgency of the data security situation; full-committee Chairman Fred Upton, R-Mich., said, "We cannot let data breach legislation be sunk by extraneous issues."

Jennifer Glasgow, of Acxiom Corporation, testified that the Gramm-Leach-Bliley Act has "stood the test of fifteen years in the marketplace" and could serve as a model for a new data security standard's language. Several witnesses mentioned chip-and-PIN technology; NAFCU has noted that chip-and-PIN would not have prevented recent breaches executed by malware and would not protect against online fraud.

Today's Senate committee hearing, set for 1:30 p.m. Eastern, will focus on cyber attacks and information sharing.