February 13, 2018

NAFCU discusses data security on the Hill ahead of hearing

NAFCU President and CEO Dan Berger met Tuesday with House Financial Services Subcommittee Chairman Blaine Luetkemeyer, R-Mo., to discuss issues of importance to credit unions – including data security.

NAFCU Vice President of Legislative Affairs Brad Thaler and Director of Political Affairs Chad Adams were also in the meeting.

NAFCU has been a leading advocate for national data security standards. Last November, a NAFCU witness testified before Luetkemeyer's subcommittee – Financial Institutions and Consumer Credit – and recommended ways to curb data breaches. The association was also the first financial trade group to call for a national data security standard for retailers in the wake of the 2013 Target breach.

In a letter sent to the full subcommittee ahead of a hearing today on data security, Thaler explained that the increasing number of data breaches demonstrates the need for a national data security standard for all those entities that hold or collect consumers' personal financial information – similar standards to those upheld by financial institutions.

Thaler outlined the association's principles for such a standard, which include:

  • requiring entities to be accountable for related costs of data breaches that occur on their end, especially if the breach is caused by that entity's negligence;
  • requiring all entities that store consumer data to meet standards similar to those imposed on depository institutions under the Gramm-Leach-Bliley Act (GLBA);
  • requiring merchants to post their data security policies at the point of sale if they take sensitive financial data;
  • informing financial institutions of any compromised personally identifiable information when associated accounts are involved;
  • disclosing names of the companies and merchants whose data systems have been violated so consumers are aware of those that place their personal information at risk;
  • enforcing violations of existing agreements and law by those who retain payment card information electronically; and
  • having the evidentiary burden of proving a lack of fault rest with the negligent entity that incurred the data breach.

Thaler encouraged the subcommittee to work together with other House committees and the Senate to develop and advance data security legislation this year.

Last year, Berger wrote a popular piece in The Hill about the need for a national data security standard.