Newsroom

October 16, 2017

NAFCU pushes need for national data security standard, greater regulation of credit bureaus

Ahead of today's Senate Banking Committee hearing on consumer data security at the credit bureaus, NAFCU Executive Vice President of Government Affairs and General Counsel Carrie Hunt sent a letter reiterating NAFCU's call for a stronger national data security standard under which companies that maintain consumers' financial records are incentivized to protect the data.

The hearing – further follow-up to the Equifax data breach that affected potentially more than 145 million Americans – begins at 10 a.m. Eastern.

In her letter to Senate Banking Chairman Mike Crapo, R-Idaho, and Ranking Member Sherrod Brown, D-Ohio, Hunt wrote that credit reporting agencies already subject to parts of the Gramm-Leach-Bliley Act (GLBA), like Equifax, should be subject to the same regulatory requirements as depository institutions.

"Negligent entities should be held financially liable for any losses that occurred due to breaches on their end so that consumers aren't left holding the bag," Hunt said. "When a breach occurs at a credit bureau, depository institutions should be made aware of the breach as soon as practicable so they can proactively monitor affected accounts. Furthermore, compliance by credit bureaus with GLBA and these notification requirements should be examined for, and enforced by, a federal regulator.

"Finally, any new rules or regulations to implement these recommendations should recognize credit unions' compliance with GLBA and not place any new burdens on them," Hunt continued.

NAFCU has been a leading advocate for a national data security standard that holds all entities that handle personal financial data to the same standards as credit unions and other depository institutions under the GLBA. It has repeatedly called for action to ensure that credit unions do not bear the cost of negligent data practices by entities like Equifax.

The Senate Banking Committee will hear testimony from three witnesses during today's hearing who are expected share their respective expertise on responsible use of consumer data, the importance of upholding consumers' right to privacy and how to move forward on cybersecurity policy.

Last week, Crapo sent a letter to three federal agencies questioning their ability to oversee credit bureaus and ensure consumer data is protected. He asked for the agencies to respond to his six questions by Friday.