Data Security

Recent Activity

Legislative Advocacy

NAFCU has been very involved in the post-Equifax fallout on Capitol Hill, meeting with, and submitting letters and legislative ideas to various committees. A number of committees are involved with the issue, including Senate Banking, Senate Commerce, Science, and Transportation, House Financial Services, and House Energy and Commerce. Recently, Senate Banking Chairman Mike Crapo (R-ID) and Ranking Member Sherrod Brown (D-OH) solicited feedback from interested stakeholders on data privacy, protection and collection. NAFCU submitted comments answering their specific questions and outlining our principles for a data security standard.

Legislators have been actively working on different data security bills, although a measure has yet to advance. In the 115th Congress, Representatives Blaine Luetkemeyer (R-MO) and Carolyn Maloney (D-NY) unveiled a draft data security bill, the Data Acquisition and Technology Accountability and Security Act, which addresses the issue from the financial services perspective. Representative Luetkemeyer also circulated a scaled-down version of the legislation that would avoid jurisdictional overlap with the House Energy and Commerce Committee. In the 114th Congress, Representatives Randy Neugebauer, (R-TX) and John Carney (D-DE) introduced a NAFCU-backed bipartisan bill, the Data Security Act of 2015, setting data protection standards, outlining a process for notifications and recognizing financial institutions' compliance with the Gramm-Leach-Bliley Act.

We ask credit unions to take action and ask their members of Congress to support a national data security standard for all entities that handle sensitive financial information. NAFCU will continue to support legislation to hold retailers accountable for breaches occurring on their end.


NAFCU has testified before Congress several times over the last few years on what we would like to see in any comprehensive cyber and data security standard.

On November 1, 2017, Debra Schwartz, President and CEO of Mission Federal Credit Union and NAFCU Board Vice Chair, testified before the House Financial Services Subcommittee on Financial Institutions and Consumer Credit at a hearing entitled "Data Security: Vulnerabilities and Opportunities for Improvement." In her testimony, Schwartz explained the impact recent data breaches have had on credit unions and steps Congress can take to hold other entities to similar standards as financial institutions.

On March 8, 2017, Chevron Federal Credit Union’s former President/CEO Jim Mooney testified before the House Small Business Committee at a hearing entitled "Small Business Cybersecurity: Federal Resources and Coordination." In his testimony, Mooney called on Congress to introduce legislation similar to the Data Security Act of 2015 to create a national standard of data security that applies to all entities in the payments chain.

On October 7, 2015, Jan Roche, President and CEO of State Department Federal Credit Union and NAFCU board member, testified before the House Small Business Committee at a hearing regarding the recent EMV transition entitled, "The EMV Deadline and What it Means for Small Businesses." Roche's testimony emphasized that the best way to protect the financial system against payments fraud is through a national data security standard and urged the committee to support the Data Security Act of 2015.

On April 22, 2015, NAFCU President and CEO B. Dan Berger testified before the House Small Business Committee during a hearing entitled "Small Business, Big Threat: Protecting Small Businesses from Cyber Attacks." In his testimony, Berger detailed how credit unions have successfully minimized data breaches and why it is important that others do the same.