FOR IMMEDIATE RELEASE | March 07, 2018

NAFCU Remains Vigilant on Data Security Legislation Ahead of House Hearing

WASHINGTON -- National Association of Federally-Insured Credit Unions (NAFCU) Vice President of Legislative Affairs Brad Thaler, in a letter today to the House Financial Services Committee, Subcommittee on Financial Institutions and Consumer Credit, shared the association's data security principles and further explained that the increasing number of data breaches demonstrates the need for a national data security standard for all entities that hold or collect consumers' personal financial information – similar standards to those upheld by financial institutions.

In the letter, Thaler offered the association's support of draft legislation, The Data Acquisition and Technology Accountability and Security Act, which would establish a national standard for both data security and breach notification.

Thaler also expressed the association's support of H.R. 4028, the Promoting Responsible Oversight of Transactions and Examinations of Credit Technology Act of 2017: "NAFCU is supportive of Title I of H.R. 4028, the PROTECT Act of 2017, offered by Representative McHenry, which would subject large consumer reporting agencies to supervision and examination by the FFIEC. This would help address some of the concerns about the gaps in regulation of large credit rating agencies," Thaler wrote.

Below are NAFCU's data security principles, which include:

  • requiring entities to be accountable for related costs of data breaches that occur on their end, especially if the breach is caused by that entity's negligence;
  • requiring all entities that store consumer data to meet standards similar to those imposed on depository institutions under the Gramm-Leach-Bliley Act (GLBA);
  • requiring merchants to post their data security policies at the point of sale if they take sensitive financial data;
  • informing financial institutions of any compromised personally identifiable information when associated accounts are involved;
  • disclosing names of the companies and merchants whose data systems have been violated so consumers are aware of those that place their personal information at risk;
  • enforcing violations of existing agreements and law by those who retain payment card information electronically; and
  • having the evidentiary burden of proving a lack of fault rest with the negligent entity that incurred the data breach.

Last month, NAFCU President and CEO Dan Berger met with House Financial Services Subcommittee Chairman Blaine Luetkemeyer, R-Mo., to discuss issues of importance to credit unions – including data security.

NAFCU has been a leader on data security issues in recent years. The association was the first financial trade group to call for a national data security standard for retailers in the wake of the 2013 Target breach. Last November, NAFCU witness Debra Schwartz, NAFCU Board treasurer and president and CEO of Mission Federal Credit Union (San Diego, Calif.), testified before a House Financial Services subcommittee, recommending ways to curb data breaches.

For full text of the letter, please click here.

###

The National Association of Federally-Insured Credit Unions is the only national trade association focusing exclusively on federal issues affecting the nation's federally-insured credit unions. NAFCU membership is direct and provides credit unions with the best in federal advocacy, education and compliance assistance. For more information on NAFCU, go to www.nafcu.org or @NAFCU on Twitter.