Data Security

Recent Activity

Legislative Advocacy

NAFCU has been very involved in the post-Equifax fallout on Capitol Hill, meeting with various committees and submitting letters and legislative ideas to them. House Financial Institutions Subcommittee Chairman Blaine Luetkemeyer (R-MO) and Representative Carolyn Maloney (D-NY) have unveiled a draft data security bill, the Data Acquisition and Technology Accountability and Security Act, that addresses the issue from the financial services perspective. They have yet to introduce the bill and are awaiting feedback from House leadership on jurisdictional issues between the House Financial Services Committee and the House Energy and Commerce Committee. Chairman Luetkemeyer has also circulated a scaled-down version of the legislation that would avoid referral to the Energy and Commerce Committee. NAFCU lobbyists continue to participate in lobbyist roundtables with Energy and Commerce staff on data security issues.

In the 114th Congress, Reps. Randy Neugebauer, R-Texas, and John Carney, D-Del., introduced a NAFCU-backed bipartisan bill, the Data Security Act of 2015 (H.R. 2205), setting data protection standards, outlining a process for notifications and recognizing financial institutions' compliance with the Gramm-Leach-Bliley Act. The bill expired at the end of the 114th Congress and will need to be reintroduced in the 115th Congress. We ask credit unions to take action and ask their members of Congress to support a national standard of data security for all entities that handle sensitive financial information. NAFCU will continue to support legislation to hold retailers accountable for breaches occurring on their end.


In February 2018, NAFCU President and CEO Dan Berger met with House Financial Services Subcommittee Chairman Blaine Luetkemeyer, R-Mo., to discuss issues of importance to credit unions – including data security.

On November 1, 2017, Debra Schwartz, President and CEO of Mission Federal Credit Union and NAFCU Board Vice Chair, testified before the House Financial Services Subcommittee on Financial Institutions and Consumer Credit at a hearing entitled "Data Security: Vulnerabilities and Opportunities for Improvement." In her testimony, Schwartz explained the impact recent data breaches have had on credit unions and steps Congress can take to hold other entities to similar standards as financial institutions.

On March 8, 2017, Chevron Federal Credit Union’s former President/CEO Jim Mooney testified before the House Small Business Committee at a hearing entitled "Small Business Cybersecurity: Federal Resources and Coordination." In his testimony, Jim called on Congress to introduce legislation similar to the Data Security Act of 2015 to create a national standard of data security that applies to all entities in the payments chain.

On April 22, 2015, NAFCU President and CEO B. Dan Berger testified before the House Small Business Committee during a hearing titled "Small Business, Big Threat: Protecting Small Businesses from Cyber Attacks." In his testimony, Berger detailed how credit unions have successfully minimized data breaches and why it's important that others do the same.

On May 14, 2015, the House Committee on Financial Services held a hearing entitled "Protecting Consumers: Financial Data Security in the Age of Computer Hackers." Members of the committee discussed the pitfalls of the patchwork of state legislation addressing data security breaches and the comparative success of the Gramm-Leach-Bliley Act, which applies to credit unions and other financial institutions. Several witnesses noted problems with conflicting state laws that require different information to be included in breach notifications and that impose different timelines. Another witness testified that Gramm-Leach-Bliley has worked for financial institutions and would work equally well for other industries in the payments ecosystem because it is both scalable and flexible.

On October 7, 2015, Jan Roche, President and CEO of State Department Federal Credit Union and NAFCU board member, testified before the House Small Business Committee at a hearing regarding the recent EMV transition entitled, "The EMV Deadline and What it Means for Small Businesses." Roche testified alongside representatives from Visa, ICBA, and the Electronic Transactions Association. Roche's testimony emphasized that the best way to protect the financial system against payments fraud is through a national data security standard and urged the committee to support H.R. 2205, the Data Security Act of 2015.

On December 9, 2015, the House Financial Services Committee approved H.R. 2205 in a 46-9 vote. The bill closely aligned with the Data Security Act of 2015 (S. 961), legislation introduced a few weeks prior by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo.