July 12, 2018

As Senate examines credit bureaus, NAFCU stresses need for data security

data security

Ahead of today's Senate Banking Committee hearing to examine credit bureaus and the Fair Credit Reporting Act (FCRA), NAFCU's Carrie Hunt wrote in support of "a strong, robust and secure credit bureau system." However, in the wake of the data breach at Equifax, Hunt stressed that the credit bureaus should be examined for data security compliance and held accountable when negligent.

Hunt, NAFCU's executive vice president of government affairs and general counsel, sent the letter to Senate Banking Committee Chairman Mike Crapo, R-Idaho, and Ranking Member Sherrod Brown, D-Ohio. Today's hearing is slated to begin at 10 a.m. Eastern.

In the letter, Hunt noted that credit unions rely on the credit bureaus' data when assessing lending risk, managing portfolios, detecting fraud and acquiring and growing relationships with members. Unfortunately, when a data breach occurs, Hunt wrote, it's often consumers and their financial institution that must recuperate fraud-related losses.

"Negligent entities should be held financially liable for any losses that occurred due to breaches on their end so that consumers aren't left holding the bag," Hunt argued. "When a breach occurs at a credit bureau, depository institutions should be made aware of the breach as soon as practicable so they can proactively monitor affected accounts. Furthermore, compliance by credit bureaus with [Gramm-Leach-Bliley Act] and these notification requirements should be examined for, and enforced by, a federal regulator."

Hunt went on to note that this need for a national data security standard extends to retailers and others that handle personal financial data but aren't already subject to Gramm-Leach-Bliley Act standards.

NAFCU has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system. The association supports legislative efforts to create national data security standards – akin to those followed by credit unions – in an effort to curb future breaches.