Newsroom

The need for a single national data security standard was brought up during a hearing held Wednesday by the House Small Business Committee on the impact cyber threats have on small businesses and the government.

All the hearing witnesses testified to the need to eliminate the patchwork of 51 state regulations and several federal agency regulations on disclosure and protections. Rep. Blaine Luetkemeyer, R-Mo., noted that there should be some type of a standard, mandatory data security policy in place.

Witnesses also noted the need to ensure that the National Institute of Standards and Technology cybersecurity framework and other standards take into account the burdens and exposure of small businesses versus those of large businesses.

Committee members were generally in agreement that cybersecurity is an evolving process that requires continual improvement on the part of small businesses to secure their data and stay up to date with current and evolving trends.

Committee Chairman Steve Chabot, R-Ohio, focused on the security of consumer data being used and stored by small businesses and the increasing pace with which technology is advancing and making cybersecurity ever more challenging during his opening remarks. He also noted the lack of confidence shown in the federal government after the IRS and OPM breaches.

NAFCU continues to push for the adoption of the "Data Security Act of 2015," (H.R. 2205/S.961), which would hold retailers to the same standards financial institutions follow.