Data Security

Recent Activity

Jim Mooney Testifying on CybersecurityOn March 8, 2017, Chevron Federal Credit Union President/CEO Jim Mooney, who also chairs NAFCU's Cybersecurity and Payments Committee, testified before the House Small Business Committee at a hearing entitled "Small Business Cybersecurity: Federal Resources and Coordination." In his testimony, Jim called on Congress to introduce legislation similar to the Data Security Act of 2015 to create a national standard of data security that applies to all entities in the payments chain.

In the 114th Congress, Reps. Randy Neugebauer, R-Texas, and John Carney, D-Del. introduced a NAFCU-backed bipartisan bill, the Data Security Act of 2015 (H.R. 2205), setting data protection standards, outlining a process for notifications and recognizing financial institutions' compliance with the Gramm-Leach-Bliley Act. The bill expired at the end of the 114th Congress and will need to be reintroduced in the 115th Congress. We ask credit unions to take action and ask their members of Congress to support a national standard of data security for all entities that handle sensitive financial information. NAFCU will continue to support legislation to hold retailers accountable for breaches occurring on their end.

On April 22, 2015, NAFCU President and CEO B. Dan Berger testified before the House Small Business Committee during a hearing titled "Small Business, Big Threat: Protecting Small Businesses from Cyber Attacks." In his testimony, Berger detailed how credit unions have successfully minimized data breaches and why it's important that others do the same.

On May 14, 2015, the House Committee on Financial Services held a hearing entitled, "Protecting Consumers: Financial Data Security in the Age of Computer Hackers." Members of the committee discussed the pitfalls of the patchwork of state legislation addressing data security breaches and the comparative success of the Gramm-Leach-Bliley Act, which applies to credit unions and other financial institutions.  Several witnesses noted problems with conflicting state laws that require different information to be included in breach notifications, and which impose different timelines.  Another witness testified that Gramm-Leach-Bliley has worked for financial institutions and would work equally as well for other industries in the payments ecosystem because it is both scalable and flexible. 

On October 7, 2015, Jan Roche, President and CEO of State Department Federal Credit Union and NAFCU board member, testified before the House Small Business Committee at a hearing regarding the recent EMV transition entitled, "The EMV Deadline and What it Means for Small Businesses." Roche testified alongside representatives from Visa, ICBA, and the Electronic Transactions Association. Roche's testimony emphasized that the best way to protect the financial system against payments fraud is through a national data security standard and urged the committee to support H.R. 2205, the Data Security Act of 2015.

On December 9, 2015, the House Financial Services Committee approved H.R. 2205 in a 46-9 vote. The bill closely aligned with legislation introduced a few weeks prior by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo. – Data Security Act of 2015 (S. 961). 

Berger talks about his testimony on data security and the call for greater retailer accountability (5/8/15)