October 31, 2017

NAFCU rep Schwartz to highlight CU data security efforts, concerns during hearing today

NAFCU witness Debra Schwartz, NAFCU Board treasurer and president and CEO of Mission Federal Credit Union (San Diego, Calif.), today will detail the impact recent data breaches have had on credit unions and steps Congress can take to hold other entities to similar standards as financial institutions during a House Financial Services subcommittee hearing.

In prepared testimony, Schwartz will highlight credit unions' success in protecting members' personal information as a result of the Gramm-Leach-Bliley Act (GLBA). The act established consumer data protections for certain financial institutions and requires a regulator to examine credit unions and other depository institutions for compliance with those provisions.

However, in her testimony, Schwartz will note that not all entities covered by GLBA, such as Equifax, are subject to compliance examinations. Schwartz will urge Congress to create a national data security standard for entities not already subject to one and ensure compliance with such regulations. Doing so will protect consumers and create accountability for negligent entities, Schwartz will testify.

"Credit unions suffer steep losses in re-establishing member safety after a data breach occurs," her testimony states. "They are often forced to charge off fraud-related losses, many of which stem from a negligent entity's failure to protect sensitive financial and personal information or the illegal maintenance of such information in their systems. Moreover, as many cases of identity theft have been attributed to data breaches, and as identity theft continues to rise, any entity that stores financial or personally identifiable information should be held to minimum federal standards for protecting such data."

Schwartz will provide the subcommittee with data NAFCU has collected from members about data security concerns, as well as findings on possible solutions. She will also outline NAFCU's key data security principles and legislation the association supports to address data security concerns.

"There have been industry discussions underway amongst interested groups and we would urge the Committee to work with industry to introduce and advance a package to create a robust national data security standard that can be enacted into law. The time for action is now," Schwartz will say.

Today's hearing, "Data Security: Vulnerabilities and Opportunities for Improvement," held by the Subcommittee on Financial Institutions and Consumer Credit, will begin at 2 p.m. Eastern. Schwartz is testifying on behalf of NAFCU alongside representatives from the Securities Industry and Financial Markets Association and the American Land Title Association.

NAFCU has been a leading advocate for a national data security standard that holds all entities that handle personal financial data to the same standards as credit unions and other depository institutions under the GLBA. The association has repeatedly called for action to ensure that credit unions do not bear the cost of negligent data practices by any entity.

NAFCU is also involved with various cyber and data security initiatives, including the Financial Services-Information Sharing and Analysis Center (FS-ISAC) and the Federal Reserve's Payments Security Task Force.