May 25, 2018

Senate panel turns focus to cybersecurity

data securitySenate Banking Committee Chairman Mike Crapo, R-Idaho, and Ranking Member Sherrod Brown, D-Ohio, made clear they intend to focus the committee's efforts on cybersecurity now that the NAFCU-backed regulatory relief package (S. 2155) has been signed into law. NAFCU is a leader in advocating for national data security standards – akin to those followed by credit unions – in an effort to curb future breaches.

Crapo's and Brown's comments came during yesterday's committee hearing, "Cybersecurity: Risks to the Financial Services Industry and Its Preparedness."

Ahead of the hearing, NAFCU Vice President of Legislative Affairs Brad Thaler sent a letter noting that while credit unions and other financial institutions have upheld strong data security under the Gramm-Leach-Bliley Act (GLBA), other retailers and merchants have left consumers vulnerable. Thaler outlined guiding principles NAFCU and credit unions would like to see incorporated in data security legislation, primarily to ensure consumers are informed of what data is retained and how it's protected, timely disclosure of breaches, and that negligent entities are held responsible when a data breach occurs on their end.

NAFCU has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system.

Currently, NAFCU-sought draft legislation is being worked on by House Financial Services Subcommittee Chairman Blaine Luetkemeyer, R-Mo., and Rep. Carolyn Maloney, D-N.Y. The draft bill builds on provisions from the Data Security Act of 2015, which would have created a strong national data security standard for retailers, held them accountable for breaches on their end and recognized credit unions' compliance with the GLBA. The association will work with Senate Banking Committee members as they pursue a legislative solution as well.

NAFCU remains a leading advocate on this issue and is working to ensure that all entities that hold or collect consumers' personal financial information are held to similar standards as credit unions. Credit unions can contact their lawmakers on the data security issue through NAFCU's Grassroots Action Center.