Members of the Senate Commerce, Science, and Transportation Committee yesterday indicated their support of a national data security standard – something for which NAFCU has long advocated – during another congressional hearing on consumer data security in the wake of the massive Equifax data breach.
NAFCU has been a leading advocate for a national data security standard that holds all entities that handle personal financial data to the same standards as credit unions and other depository institutions under the Gramm-Leach-Bliley Act (GLBA). It has repeatedly called for action to ensure that credit unions do not bear the cost of negligent data practices by entities like Equifax.
Committee Chairman John Thune, R-S.D., in his opening statement called for a national standard for data security. However, Thune acknowledged that Equifax is held to the standards of GLBA and suggested that the act may need strengthening.
Committee Ranking Member Bill Nelson, D-Fla., also called for expanding the Federal Trade Commission's authority in order to write rules requiring commercial sector to protect data with national standard.
In a letter sent to Thune and Nelson prior to the hearing, NAFCU Vice President of Legislative Affairs Brad Thaler wrote that credit reporting agencies already subject to parts of the GLBA, like Equifax, should be subject to the same regulatory requirements as depository institutions. Additionally, NAFCU has worked to ensure that any congressional action to improve data security standards do not place additional regulatory burdens on credit unions.
Witnesses at the hearing included executives from Equifax, Yahoo!, Verizon Communications Inc. and Entrust Datacard Corp. It was first time Equifax's current CEO testified on the issue before Congress.
Last week, NAFCU recommended ways for Congress to create a national data security standard and greatly minimize the number and impact of data breaches during the association's eighth testimony before Congress. NAFCU will continue to monitor congressional action related to data security and engage with lawmakers to ensure negligent entities – rather than consumers or credit unions – are held liable.