Newsroom

NAFCU Vice President of Legislative Affairs Brad Thaler urged a House Energy and Commerce subcommittee to strengthen the data security draft bill they will mark up today so it can better protect credit unions and their members.

The House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade will mark up the bill they discussed last week. Thaler wrote to committee Chairman Fred Upton, R-Mich., Ranking Member Frank Pallone, D-N.J., and subcommittee Chairman Michael Burgess, R-Texas, and Ranking Member Jan Schakowsky, D-Ill., in advance of today's mark-up.

"One way to strengthen the legislation would be to require FTC rulemaking authority for data security standards, as was recommended by the Federal Trade Commission (FTC) witness at last week's hearing," Thaler wrote. "An additional way would be to include language to make those entities that fail to meet a data protection standard liable for any costs incurred from a breach of their systems.

"At the very least," he continued, "the legislation needs to ensure that credit unions and others maintain a right to seek legal redress of any costs that they incur from a data breach."

In Monday's letter and one sent last week, Thaler urged lawmakers to incorporate in the draft bill a strong national data security standard for retailers and requirement for rulemaking; and strengthen the exemption for Gramm-Leach-Bliley Act-covered entities.

The draft bill is sponsored by Reps. Peter Welch, D-Vt., and Rep. Marsha Blackburn, R-Tenn.

NAFCU is pushing for action on legislation to ensure that:

• breached entities be held accountable for costs resulting from their negligence;
• consumers be notified of breaches and made aware of retailers' data security policies;
• account servicers be notified; and
• retailers be held to a strong national standard on data security.