February 13, 2017

Thaler urges national standards for data security

One way to improve cybersecurity and protect consumers' sensitive data would be to establish national standards for data security, NAFCU's Brad Thaler said in a letter Monday to leaders of a House Science, Space, and Technology subcommittee ahead of a hearing today on the issue.

Today's hearing, "Strengthening U.S. Cybersecurity Capabilities," is being held by the Subcommittee on Research and Technology.

Thaler, NAFCU's vice president of legislative affairs, told subcommittee Chairwoman Barbara Comstock, R-Va., and Ranking Member Daniel Lipinski, D-Ill., that financial institutions, including credit unions, have been subject to federal standards on data security since the passage of the Gramm-Leach-Bliley Act. Yet, retailers and many other entities that handle sensitive personal financial data are not subject to these same standards.

"Americans' sensitive financial and personally identifiable information will only be as safe as the weakest link in the security chain," he wrote.

Thaler noted that credit unions often suffer steep losses in re-establishing member safety and security after a data breach because they have to absorb fraud-related losses, "many of which stem from a negligent entity's failure to protect sensitive financial and personal information in their systems."

He cited results of a Gallup poll conducted Oct. 5-9, 2016, that found for the third consecutive year that 69 percent of U.S. adults are frequently or occasionally concerned about having their credit card information stolen by hackers.

He urged Comstock and Lipinski to support and consider legislation that would create national data security standards, akin to the "Data Security Act of 2015" (H.R. 2205). That bill passed the 114th Congress' House Financial Services Committee with a strong bipartisan vote of 46-9.