November 05, 2019

NAFCU to Congress: Lack of national data standard creates risk

data securityNAFCU's Brad Thaler reiterated the association's call for a national data security standard to Congress Monday, arguing that not having one in place "creates risk, as bad actors often target those companies who do not have high security standards."

"While depository institutions have had a national standard on data security since the passage of the Gramm-Leach-Bliley Act (GLBA) over two decades ago, other entities who handle consumer financial data do not have such a national standard," wrote Thaler, NAFCU's vice president of legislative affairs, ahead of a Senate Judiciary subcommittee hearing today.

"…Along those same lines, we also believe that there is a need for a uniform national consumer data privacy standard as opposed to a patchwork of standards stemming from different state data privacy laws," Thaler added. "Such a standard should recognize what has been in place and is working for consumers, credit unions and others under existing laws such as the GLBA."

Ensuring the personal financial information of credit unions' 118 million members is a top priority for NAFCU. The association was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system, and consistently reiterates is principles for a data security standard – which includes holding negligent companies accountable and ensuring consumers are made aware of breaches in a timely manner – to lawmakers.

NAFCU will monitor today's Senate Judiciary subcommittee hearing, set to begin at 2:30 p.m.