NAFCU President and CEO Dan Berger yesterday urged congressional action to ensure that credit unions do not bear the cost of negligent data practices by entities like Equifax.
Berger made his call for increased data security responsibility in a letter sent to House Energy and Commerce Subcommittee Chairman Bob Latta, R-Ohio, and Subcommittee Ranking Member Jan Schakowsky, D-Ill., ahead of the Subcommittee on Digital Commerce and Consumer Protection's hearing today on the Equifax data breach. The hearing begins at 10 a.m. Eastern.
In the letter, Berger said the frequency with which data breaches occur is "unacceptable," as these events "have become a constant concern of the American people."
Berger urged that all entities that handle personal financial data be subject to the same standards credit unions and other financial depository institutions follow under the Gramm-Leach-Bliley Act (GLBA), and he specifically called for credit rating agencies already subject to the GLBA, like Equifax, to undergo the same examinations for compliance as credit unions.
"Americans’ sensitive financial and personally identifiable information will only be as safe as the weakest link in the security chain," Berger wrote. "While financial institutions, including credit unions, have been subject to federal standards on data security, and examination by regulators on these standards … retailers and many other entities that handle sensitive personal financial data are not subject to these same standards. Consequently, they have become the vulnerable targets of choice for cybercriminals."
In addition to calling for a national data security standard similar to GLBA for all entities not currently covered by the act, Berger said negligent entities should be liable for any costs and damage caused by a data breach.