Newsroom

Data breaches are costly to Americans and need to be addressed with national data security standards such as those proposed in the "Data Security Act of 2015," NAFCU Vice President of Legislative Affairs Brad Thaler urged in a letter Tuesday to House leaders.

"Americans' sensitive financial and personally identifiable information will only be as safe as the weakest link in the security chain," Thaler wrote in his letter last night to House Speaker Paul Ryan, R-Wis., and Minority Leader Nancy Pelosi, D-Calif. He noted that while financial institutions are subject to the federal standards of the Gramm-Leach-Bliley Act, retailers are not. "Consequently, many large retailers who handle financial data have become the vulnerable targets of choice for cybercriminals."

The Retail Industry Leaders Association yesterday lodged its opposition to H.R. 2205 in its own letter to lawmakers. However, Thaler said credit unions must absorb steep losses as they work to reestablish member safety following merchant data breaches. "As credit unions are not-for-profit cooperatives, the nation's over 103 million credit union members – your constituents – are the ones that are ultimately impacted by these costs," he said.

He added that the "Data Security Act of 2015," H.R. 2205, introduced by Reps. Randy Neugebauer, R-Texas, and John Carney, D-Del., would create flexible, scalable requirements that would protect consumer data while encouraging innovation to protect consumers from future threats not yet anticipated.

"Just as the GLBA institutes requirements that are appropriate for both the smallest credit unions and the biggest banks, this legislation would allow for appropriate standards for the smallest corner store to the largest retailers," he wrote.