January 22, 2015

NAFCU, others ask Congress for national data security standards

NAFCU, with other financial trade organizations, wrote members of Congress Friday to provide their perspective on what should be included in a legislative approach to data security and to reiterate the strict data protection and notification standards already in place for financial institutions.

To serve as a guide for drafting legislation, the financial organizations recommended to Congress the following set of principles:

  • strong national data protection and notification standards with enforcement provisions;
  • recognition of financial institutions' robust data protection and notification standards under the Gramm-Leach-Bliley Act;
  • quick notification to consumers if a breach has occurred and authority for banks and credit unions to inform their customers and members about the breach and where it took place; and
  • assurance that data breach costs are borne by the entity that was breached.

"Some industries – including the financial industry – are required by law to develop and maintain robust internal protections to combat and address criminal attacks, and are required to protect consumer financial information and notify consumers when a breach occurs within their systems that will put their customers at risk," the groups wrote. "The same cannot be said for other industries, like retailers, that routinely handle this same information and increasingly store it for their own purposes."

The financial trades reminded Congress of the requirements and safeguards already in place for their members, including:

  • federal requirements to protect information under the Gramm-Leach-Bliley Act;
  • federal requirements to notify consumers whenever there is a data breach;
  • strong federal oversight and examination by the Federal Reserve System, Office of the Comptroller of the Currency, FDIC and NCUA; and
  • strong federal sanction authority, including monetary penalties for failure to comply with requirements.

Along with NAFCU, the joint letter was signed by CUNA, American Bankers Association, Independent Community Bankers Association, Financial Services Roundtable, Consumer Bankers Association and The Clearing House.

A similar letter was sent Friday to the House Commerce Subcommittee on Commerce, Manufacturing, and Trade ahead of its data security hearing scheduled for Tuesday.