December 05, 2019

NAFCU's data privacy principles gain national attention as senators debate legislation

SECURITYAs the Senate Commerce Committee Wednesday examined legislative proposals to protect consumer data privacy, NAFCU's newly published data privacy principles garnered national attention in Politico's Morning Money. NAFCU shared the principles with the committee ahead of the hearing.

NAFCU, as a leader in calling for national data security standards, developed a detailed white paper outlining six principles to support its advocacy efforts on the issue and emphasized the need "for a comprehensive federal data privacy standard that protects consumers, harmonizes existing federal data privacy laws, and preempts state privacy laws." 

"Between massive data breaches and widely publicized scandals involving the misuse of consumer data, the need for laws that protect the privacy of consumer data is very clear," said NAFCU President and CEO Dan Berger on the release of the white paper. "However, we are headed in a direction that will lead to a patchwork of 50 state privacy laws, which is unworkable for credit unions and confusing for consumers. A national data privacy standard would help ensure consumers' privacy is fully protected, while also continuing to foster innovation and help grow our economy. NAFCU looks forward to working closely with lawmakers as they look to reform our outdated policies."

NAFCU has previously urged lawmakers to consider a national data security standard for institutions that collect and store consumer information and has resources, available to ensure credit unions can  effectively identify and address cybersecurity concerns. 

Also included in the paper is a deep dive into current privacy laws that have impacted credit unions, including the European Union's General Data Protection Regulation and the California Consumer Privacy Act.

During the hearing, members of the committee discussed ideas seeking to provide the Federal Trade Commission with more resources and authority to oversee business data practices. NAFCU was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system.