February 24, 2014

Holder calls for breach notification legislation

Feb. 25, 2014 – Citing the recent massive Target data breach that affected as many as 110 million consumers, U.S. Attorney General Eric Holder on Monday urged Congress to adopt a national standard for notifying consumers in instances of a data security breach.

"Although Justice Department officials are working closely with the FBI and prosecutors across the country to bring cybercriminals to justice, it is time for leaders in Washington to provide the tools that we need to do even more by requiring businesses to notify consumers and law enforcement in the wake of significant data breaches," Holder said in his weekly video message. "Today, I'm calling on Congress to create a strong national standard for quickly alerting consumers whose information may be compromised."

NAFCU was the first financial trade association to respond to the Target breach by calling on Congress for hearings and legislation on national data security standards for retailers. Holding retailers responsible for data security breaches, and for notifying those affected, is a key point in NAFCU's five-point plan for regulatory relief for credit unions.

NAFCU supports S. 1927, the "Data Security Act of 2014," introduced by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., to expand data breach prevention and notification requirements for U.S. businesses. S. 1927 would not impose new burdens on credit unions and other financial institutions already subject to data protection standards under the Gramm-Leach-Bliley Act. NAFCU views such a carve-out as essential.

NAFCU continues to follow hearings and discusses of data security on Capitol Hill.