March 06, 2014

NAFCU sets record straight on NRF claims about data protection

March 6, 2014 – NAFCU yesterday released a statement widely to press to set the record straight on erroneous claims of the National Retail Federation about data breaches and what is needed to protect consumers' information.

"It is time they stopped playing fast and loose with the truth about data security.Chip-and-PIN technology is no panacea and does not replace the need for national standards on data security," NAFCU Vice President of Legislative Affairs Brad Thaler said in response to NRF's statements. "Those failing to protect data should be held responsible when data breaches occur."

NRF distributed ads in Capitol Hill area publications and has purchased ad space at Reagan National Airport to promote its argument that new technology is what is needed to address ongoing data breaches like the recent one at Target. Thaler said the group is distorting available data to make its case.

"According to the Verizon 2013 Data Breach Investigation Report, a breakdown of incidents across various industries actually resulting from network intrusions, the retail industry was far and away the number one target," Thaler said, "with nearly 22 percent of network intrusions occurring at retailers while the finance sector was far down the list with just over 8 percent."

NAFCU, in a letter for the record of a hearing Wednesday on data security, urged lawmakers for action to set national data protection standards for merchants similar to those long imposed on financial institutions under the Gramm-Leach-Bliley Act.