Newsroom

December 17, 2018

NAFCU: House report on Equifax breach reinforces need for data security standard

Brad Thaler
Brad Thaler

"As NAFCU has previously communicated to Congress, there is an urgent need for a national data security standard for entities that collect and store consumers' personal and financial information that are not already subject to the same stringent requirements as depository institutions," wrote NAFCU's Brad Thaler last week to House Speaker Paul Ryan, R-Wis., and Minority Leader Nancy Pelosi, D-Calif.

Thaler, NAFCU's vice president of legislative affairs, was responding to a House Oversight and Government Reform Committee report on the Equifax data breach released last week, which determined that the incident could have been prevented.

"NAFCU believes that when a breached entity knew or should have known about a threat, and fails to act to mitigate it, the negligent company must be held financially liable," Thaler reasoned.

He further detailed credit unions' efforts to make members whole following data breaches that compromise personal financial information, which ultimately lead the credit union – and therefore its members – to absorb fraud-related losses.

Thaler also reiterated NAFCU's belief that credit bureaus should be examined for compliance with the Gramm-Leach-Bliley Act (GLBA). He outlined again for Congress the principles credit unions would like to see addressed in any comprehensive cyber and data security legislation.

NAFCU has long been active with lawmakers on this issue, and was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system. The association is currently engaged as Congress considers a bill that would require data breach notifications for financial entities akin to what is in place for financial institutions under the GLBA.

The association will continue to be a leading advocate for national data security standards.