NAFCU advocates for legislation establishing a comprehensive federal data privacy and security standard. This standard should harmonize existing federal data privacy laws, preempt state privacy laws, and implement proper guardrails for consumers’ protection into the entire environment rather than just in certain sectors. Multiple privacy frameworks at the federal and state levels creates unnecessary compliance burden for credit unions and generates confusion for consumers about the applicability of disclosures and the extent of their rights.
A national standard should also include cybersecurity standards for all entities that collect and store consumer information, including merchants, retailers, and fintech companies. The standards of the Safeguards Rule under the Gramm-Leach-Bliley Act are robust, but only apply to financial institutions. Over the past two decades, other entities have been collecting, storing, and transmitting a tremendous amount of consumers’ financial data without the protection of enforced security standards.
For credit unions, this national data privacy and security standard should be enforced by the National Credit Union Administration (NCUA) through the imposition of scalable civil penalties. NCUA is well versed in the unique nature of credit unions and their operations, and is in the best position to examine and enforce any privacy and cybersecurity requirements for credit unions. Further, scalable civil penalties is the only proper remedy for the enforcement of such a standard. Actual damages from privacy violations are too difficult to establish by evidence. Enforcement through a personal right of action and statutory damages is incredibly ripe for frivolous lawsuits. Scalable civil penalties can be used to remedy and prevent consumer harm in a meaningful way.
For more information on our position on a federal data privacy standard, please view our issue brief. Our team is committed to ensuring credit unions are not burdened by compliance with conflicting privacy frameworks and the fall-out of breaches by merchants and retailers. This is a quickly developing area of the law and NAFCU is on the forefront of the issue, ensuring the credit union perspective is being shared.