Newsroom

NAFCU Senior Vice President of Government Affairs and General Counsel Carrie Hunt wrote House Homeland Security Committee Chairman Michael McCaul, R-Texas, supporting his cybersecurity bill – which passed the House in July – and urged congressional action on data security.

"Data security is an important part of the cybersecurity discussion and every time a consumer uses a plastic card for payment at a register or makes online payments from their accounts, they unwittingly put themselves at risk," she wrote Monday. "[A]ny entity that stores financial or personally identifiable information should be held to minimum federal standards for protecting such data."

McCaul's bill, H.R. 3696, the "National Cybersecurity and Critical Infrastructure Protection Act," would strengthen current mechanisms, such as the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, to help the financial sector identify threats, respond to cyber incidents and coordinate with government bodies. It also addresses security clearances for those involved in cybersecurity information sharing.

Hunt pointed to a recent Gallup poll from Oct. 12-15 in which 69 percent of U.S. adults said they frequently or occasionally are concerned about their credit card information being stolen; 27 percent said they or another household member had information from a credit card used at a retailer stolen in the last year.

Hunt said financial institutions, including credit unions, are subject to strict data security standards under the Gramm-Leach-Bliley Act, but retailers are not. She also wrote that it is financial institutions that must cover the costs in "re-establishing member safety after a data breach occurs."

NAFCU is continuing to urge lawmakers to address data security by merchants in connection with broader legislation on cybersecurity. NAFCU was the first financial trade association to press for national standards for merchants' data security following the Target breach.