Data Privacy and Security
Technology and the role of data in our economy have significantly changed over the last two decades, but federal law has not kept pace.
NAFCU advocates for a comprehensive federal data privacy and security standard that covers all entites that collect and store consumer information. In the absence of a national standard, many states have passed their own privacy and data security laws, leaving credit unions to comply with a patchwork of state privacy laws in addition to the existing, strong standards under the Gramm-Leach-Bliley Act, its implement regulations, and examiner expectations. Without a national data security standard for merchants and retailers who handle member’s financial data, credit unions bear the burden of merchants’ security practices as they incur steep losses in order to reestablish member safety. High profile scandals related to information sharing and breaches at numerous retailers proves that much more needs to be done to protect the privacy and security of consumers' financial data.
How This Impacts You
Privacy and data security requirements are becoming increasingly fragmented as multiple states establish their own privacy frameworks. Credit unions may find themselves facing multiple conflicting requirements at the federal and state levels, resulting in expensive and confusing compliance burden. While these frameworks may contain liability or notice provisions regarding breaches, they rarely establish cybersecurity standards similar to the standards applicable to credit unions, continuing to leave retailers and merchants to determine requirements for themselves. A recent NAFCU survey reported that the number of credit union employees devoted to IT compliance has nearly doubled since 2010. Furthermore, a large majority (82 percent) of survey respondents reported that they were impacted by a local merchant breach within the past two years.
Support Legislation to Create a National Data Security Standard
Urge your representatives to support a strong national standard of data security for all entities that handle sensitive consumer financial information.
February 28, 2023
Thaler on GLBA reform efforts: Balance reg burden, data protection standards
February 27, 2023
This week: NAFCU elevates CU voices in Washington
February 14, 2023
NAFCU, trades flag GLBA data privacy concerns to CFPB
In the News
CUToday.info | June 12, 2019NAFCU Reiterates For Senate The Need For National Data Security Standards
CUToday.info | May 09, 2019FTC Leaders Tell House There’s Need To Boost Consumer Data Security
CUToday.info | May 08, 2019Trade Groups Again Urge Congress to Act on Data Security, Privacy View all
Letters & Comments
April 26, 2023Letter to House E&C Innovation, Data, and Commerce Subcommittee on National Data Privacy Standard Hearing
February 28, 2023Letter to House E&C Innovation, Data, and Commerce Subcommittee on Data Privacy Hearing
February 27, 2023Letter to House Financial Services Committee on Financial Data Privacy Act Markup View all