March 25, 2014

Hunt: Congress must act on data security

March 26, 2014 – NAFCU Senior Vice President of Government Affairs and General Counsel Carrie Hunt on Tuesday urged Senate Commerce Committee leaders for action in the face of a continuing series of retailer-based data security breaches that are costing the credit union industry millions.

Hunt wrote in advance of today's hearing, "Protecting Personal Consumer Information from Cyber Attacks and Data Breaches." She noted that "as the number of data breaches at U.S. retailers continues to climb, so does the emotional toll and financial burden on tens of millions of consumers across the country."

"Financial institutions, including credit unions, have been subject to standards on data security since the passage of the Gramm-Leach-Bliley Act," Hunt wrote. "However, retailers and many other entities that handle sensitive personal financial data are not subject to these same standards, and they become victims of data breaches and data theft all too often. While these entities still get paid, financial institutions bear a significant burden as the issuers of payment cards used by millions of consumers."

Hunt emphasized that data security legislation introduced by Committee Chairman Jay Rockefeller, D-W.Va. – the "Data Security and Breach Notification Act," S. 1976 – is a comprehensive effort that moves the conversation forward, but noted that any legislation needs strong, clear language ensuring credit unions, which are already in compliance with Gramm-Leach-Bliley, would not be subject to any new onerous or duplicative regulation.

Today's hearing will also look at a committee staff report, "A ‘Kill Chain' Analysis of the 2013 Target Data Breach," that looks at events leading up to the Target breach.