October 25, 2019

Lawmakers discuss need for federal data security laws

Capitol Sen. Thom Tillis, R-N.C., emphasized the need for a federal law that addresses data breach, data privacy and ownership issues during a Senate Banking Committee hearing Thursday. Ahead of the hearing on data privacy rights and data valuation, NAFCU Vice President of Legislative Affairs Brad Thaler urged the committee to consider a national standard for institutions that collect and store consumer information.

Thaler also shared NAFCU's belief that "there is a need for a uniform national consumer data privacy standard as opposed to a patchwork of standards stemming from different state data privacy laws," and recommended that lawmakers  work collaboratively with other committees and task forces in the Senate to draft legislation that can advance and receive bipartisan support.

During the hearing, Tillis discussed the potential for the United States to develop an international standard, and a number of other lawmakers asked questions related to the European Union's General Data Protection Regulation (GDPR). 

The substantive requirements of the GDPR, how they differ from existing U.S. mandates, and what credit unions are doing about it were outlined in an edition of the NAFCU Compliance Monitor published last summer.

The panel of witnesses agreed that the U.S. cannot move forward in the data privacy space without first addressing and defining the ownership rights to personal information and noted privacy rights can be established without property rights.

National Cybersecurity Awareness Month will continue throughout the month of October, though data security and privacy are among the top concerns for the credit union industry year-round. NAFCU has myriad resources available to ensure credit unions can effectively identify and address cybersecurity concerns.

The association will continue to update credit unions on the potential for a national standard and as states, such as California, implement data privacy laws.