September 26, 2014

NAFCU asks Obama for retailer accountability in data breaches

NAFCU President and CEO Dan Berger wrote to President Barack Obama to urge support for legislative action on a national data security standard for retailers as news of successive massive data breaches at major retailers continues to break.

Berger cited the latest disclosed breaches that have hit UPS, Jimmy Johns's, Community Health Systems Inc. and Supervalu and underscored the gravity of the situation millions of consumers are facing.

"These numerous breaches should lead to serious pause for the Administration, as the number of data breaches is broader and more frequent," Berger wrote. "NAFCU calls on the White House to work with Congress to take legislative action to address data breaches that occur at the hands of retailers."

Berger also noted the particularly heavy impact of the massive Target breach last year, which the association estimates will cost the credit union community as much as $30 million, due to costs associated with fraud monitoring, reissuing cards and related measures.

He emphasized that as credit unions are already subject to standards under the Gramm-Leach-Bliley Act, it is "critical" that data security legislation specifically focus on retailers – which are not subject to such a standard – to avoid duplicative and onerous regulations.

NAFCU was the first financial trade association to call for a national standard for retailers in the wake of the Target breach, and continues to work with Congress and the Obama administration to push for legislation that would hold retailers financially responsible for breaches caused by their negligence, as well as require the disclosure of breaches to consumers.