May 20, 2016

NAFCU, trades join to 'Stop the Data Breaches'

NAFCU and six other financial trade groups are engaged in a week-long ad campaign, "Stop the Data Breaches," to promote passage of the NAFCU-backed H.R. 2205/S. 961, the "Data Security Act," amid a National Retail Federation fly-in to Capitol Hill.

A new website,, details how the legislation would hold retailers to the same strong data security standards that credit unions already follow under the Gramm-Leach-Bliley Act. Ads begin running online today, and a print ad is scheduled to run this week in The Hill, a daily paper covering activities in and around Congress. The campaign is also advancing this issue on Twitter using the hashtag #stopthedatabreaches.

NAFCU, the first financial trade association to call for national data security standards for retailers, has consistently pushed Congress to adopt the "Data Security Act" to ensure retailers have the data and cyber security standards necessary to protect consumers' information. The legislation would also institute notification requirements in the event of breaches such as those in 2013 and 2014 affecting Target Corp. and Home Depot customers.

NAFCU is encouraging credit unions to take action through its Grassroots Action Center to contact their members of Congress in support of H.R. 2205/S. 961 this week as well.

"Credit unions and other financial institutions are continuing to pay the tab for retailer data breaches, and consumers' data remains vulnerable," says Brad Thaler, NAFCU's vice president of legislative affairs. "The ‘Data Security Act,' which would establish a strong national standard that is scalable according to an entity's size, would help ensure that everyone in the payments chain is doing their part to protect consumers' data."

A survey of NAFCU members last year showed that the estimated costs associated with merchant data breaches in 2014 were $226,000 on average. NAFCU is also a member of the Financial Services Sector Coordinating Council and the Financial Services Information Sharing and Analysis Center, which work to strengthen existing cyber mechanisms.