May 09, 2019

House panel explores data privacy, security

Capitol DomeFederal Trade Commission (FTC) leadership acknowledged the need for enhancements to consumer data security and privacy during a hearing held by a House Energy and Commerce subcommittee Wednesday. Ahead of the hearing, NAFCU's Brad Thaler reiterated the association's principles to address consumer privacy and data security standards.

During Wednesday's hearing held by the Subcommittee on Consumer Protection & Commerce, FTC Chairman Joseph Simons and four other commissioners discussed how much authority the FTC should have, and how state laws should work with federal law.

Thaler, NAFCU's vice president of legislative affairs, noted to subcommittee leaders the important role the FTC plays "in overseeing data security outside of the regulated financial services sector." NAFCU has advocated for a national data security standard for all entities that collect and store consumers' personal and financial information that are not already subject to the same stringent requirements as depository institutions under the Gramm-Leach-Bliley Act.

He shared the guiding principles NAFCU and credit unions would like to see incorporated in data security legislation, primarily to ensure consumers are informed of what data is retained and how it's protected, timely disclosure of breaches, and that negligent entities are held responsible when a data breach occurs on their end.

Simons testified earlier this week before a Senate Appropriations subcommittee. Similarly during that hearing, he asked for civil penalty authority to enforce data breaches through a targeted rulemaking rather than broad-based authority.