Newsroom

NAFCU President and CEO Dan Berger asserted the association's ongoing focus on winning passage of comprehensive data and cybersecurity legislation, one of the association's top priorities for 2018, in an op-ed published yesterday in CUTimes.

Berger noted that frequent data security breaches – in 2017 there were more than 1,200 reported by late November – have made protecting personal information nearly impossible and have cost financial institutions as they work to protect and restore affected members' accounts. Berger cited a NAFCU survey that found merchant data breaches in 2016 "cost each credit union an estimated $362,000 in direct and indirect costs, including expenses related to monitoring, reissuance, fraud investigation, or losses and insurance."

"It's imperative that everyone in the payments ecosystem take an active role in addressing emerging threats and protecting consumers' personal financial information," Berger wrote. "Credit unions, which serve more than 110 million member-owners, should not have to pay for the mistakes of third parties handling their members' data. We need Congress to act so those members, and all Americans, can transact business with the knowledge that everyone handling their data is doing so responsibly."

Berger said that NAFCU will work with lawmakers to pass legislation that would:

• hold all entities that handle personal financial data to the same federal standards credit unions and other depository institutions follow under the Gramm-Leach-Bliley Act (GLBA);
• require that all organizations subject to parts of GLBA – including Equifax – also be examined by a regulator for compliance; and
• ensure that negligent companies be held financially liable for losses occurring due to breaches on their end.

Read Berger's full op-ed here.