Board of Directors
Become a NAFCU Member
NAFCU Survey of Credit Unions Key Findings
NAFCU Employment Opportunities
We'd love to share more with you.
Connect with NAFCU
Legislative & Regulatory Issues
ADA Website Litigation
Credit Union Tax Exemption
Defense Credit Union Issues
Field of Membership
Housing Finance Reform
Member Business Lending
NCUA Money Watch
Regulatory Comment Letters
Legislative Policy Letters
Beltway Buzz Enewsletter
Grassroots Action Center
We are sharpening our government-watchdog focus for you in 2018.
See 2018 Priorities
Regulation & Compliance
Hot Compliance Topics & Resources
Military Lending Act Compliance
2016 Mortgage Servicing Rules & TRID Compliance
Hurricane Disaster Recovery Resources
Equifax Data Breach Resources
Monthly Compliance Enewsletter
Quarterly BSA Enewsletter
Compliance 101 Manual
Compliance GPS Manual
Exam Fairness Guide
Book of Answers
NAFCU Compliance Blog
Contact the Compliance Team
Compliance Policy Sharing
Compliance Resources Search
Compliance Certification Program
Become an NCCO
Purchase or Retake Exams
Maintaining Your NCCO
Submit Non-NAFCU Programs for Credits
NCCO Program FAQs
BSA Certification Program
Maintaining Your NCBSO
Article: How To Make Your Compliance Team Best In Class
Data & Research
Economic & Credit Union Industry Trends
CU Industry Trends Quarterly Report
Economic and CU Research Enewsletter
Macroeconomic Data Flash Reports
Salary Comparison Report
Share Insurance Fund Analysis & Forecast
NAFCU Annual Report on Credit Unions
Credit Union Federal Tax Exemption Study
Participate in Credit Union Research Surveys
Measure Your CU Financial Performance
Credit Union Capital Management Tools
CU Data & Research Publications
Economic Data & Forecast Web Links
Information is power. Get custom reports, data and tools to help your CU grow.
Help My CU Grow
Education & Conferences
Strategic Growth Conference
Regulatory Compliance School
CEOs and Senior Executives Conference
Board of Directors and Supervisory Committee Conference
Annual Conference and Solutions Expo
Risk Management Seminar
Management and Leadership Institute
Regulatory Compliance Seminar
Request to Present
Advertise & Exhibit
Live and On-Demand Webcasts
Online Compliance Training Subscription
Board of Directors Online Training Subscription
All Access Pass
New Staff Online Training
Compliance Certification Program
BSA Certification Program
Risk Certification Program
Volunteer Certification Program
Financial Literacy Training Certificate
BSA Training Certificate
Supervisory Committee Training Certificate
Credits for CPAs
NAFCU's 2018 training lineup will give you the credit union training available.
About NAFCU Services
Preferred Partners A-Z
Growth and Retention
Financial and Insurance
Infrastructure and Operations
Training and Compliance
Risk and Security
Live Webinar Schedule
NAFCU Services Blog
Become a Preferred Partner
Contact NAFCU Services
Free financial calculators for NAFCU members.
GET THE CALCULATORS NOW
NAFCU's 8th Hill testimony this year provides ways to curb data breaches
Debra Schwartz, NAFCU Board treasurer and president and CEO of Mission Federal Credit Union (San Diego, Calif.), testifying before the House Financial Services Subcommittee on Financial Institutions and Consumer Credit. (Photo by Kristoffer Tripplaar)
November 2, 2017
Leveling the playing field for all entities that hold consumers' personal financial information with the creation of a national standard for data security would greatly minimize the numbers and impact of data breaches, said NAFCU witness Debra Schwartz during congressional testimony Wednesday.
Schwartz, NAFCU Board treasurer and president and CEO of Mission Federal Credit Union (San Diego, Calif.), was testifying before the House Financial Services Subcommittee on Financial Institutions and Consumer Credit. Schwartz was the only financial institution representative offering testimony on the witness panel yesterday.
While many of the questions Schwartz fielded during the hearing addressed how consumers should be notified of data breaches, she noted that the real objective should be preventing data breaches from happening in the first place.
Throughout the hearing she stressed the effectiveness of the Gramm-Leach-Bliley Act (GLBA). GLBA, she said, "has been dynamic, scalable and flexible." She added that it works for all credit unions of all asset sizes and provides an excellent model for a national standard that all entities can follow.
She also said the Data Security Act of 2015 (H.R. 2205), introduced in the last Congress, was another strong solution to the ongoing problem of data security breaches. During Q&A with Rep. Andy Barr, R-Ky., Schwartz noted how H.R. 2205 did a "very nice job" at providing a level playing field for all entities involved in the safekeeping of consumers' personal data.
Barr also went on to discuss the increased costs community banks and credit unions in his district are incurring because of data security concerns and asked Schwartz her thoughts on the weakest link in the data security system. She said the weakest link is where the criminals are going to go and that currently is at the merchant level. She suggested that if the merchants just do some basic financial "hygiene" – such as clearing out old data that isn't needed any more – the incidents and impact of data breaches would likely be lessened.
Rep. Ed Royce, R-Calif., listed the cost various data breaches have caused credit unions in his area and asked Schwartz if those numbers rang true for her. She agreed, and said her credit union has spent $1.7 million so far this year on fraud costs.
Rep. Mia Love, R-Utah, also spent her time asking Schwartz about data breach costs and compliance, particularly if there was a way to enforce compliance. "If entities followed GLBA requirements, it's very possible the Equifax breach would have never happened," Schwartz said. Love asked if entities were held financially responsible for breaches that occur on their end, would we see fewer breaches happen? Schwartz responded, "no question," and Love said all entities need to "have some skin in the game."
NAFCU has been a leading advocate for national data security standards that hold all entities that handle personal financial data to the same standards as credit unions and other depository institutions. The association has repeatedly called for action to ensure that credit unions do not bear the cost of negligent data practices by any entity.
"I am proud of our advocacy team for all it has accomplished this year, including continuing to build the relationships that lead to credit union representatives testifying eight times before Congress," said Carrie Hunt, NAFCU's executive vice president of government affairs and general counsel. "We thank Debra Schwartz for being part of these efforts – it is imperative that legislators hear the impact their decisions will have on businesses and consumers. NAFCU and our members will continue to seek out opportunities to ensure issues affecting credit unions, like data security, are responsibly addressed."
In related news, the Senate Commerce, Science, and Transportation Committee will hold a hearing titled "Protecting Consumers in the Era of Major Data Breaches" Nov. 8. Witnesses include executives from Equifax, Yahoo!, Verizon Communications Inc. and Entrust Datacard Corp.
NAFCU reiterates support for strong data security legislation in joint letter with other financial trades
Trump to nominate Powell as Fed chair today
NAFCU joins White House for signing of CFPB arbitration rule repeal