February 04, 2014

Senators, in hearing, push national data security standards

Feb. 5, 2014 – Senate Judiciary Chairman Patrick Leahy, D-Vt., pushed for bipartisan legislation on data security during a hearing Tuesday that featured testimony from Target Corporation, the Neiman Marcus Group, the Federal Trade Commission, the U.S. Secret Service and the Justice Department.

Echoing concerns lodged by NAFCU, Leahy and others, including Sens. Al Franken, D-Minn., and Dianne Feinstein, D-Calif., repeatedly noted there are no national laws imposing data security standards on retailers or requiring the prompt notification of data breaches. NAFCU wrote the leaders of the committee a letter in advance of the hearing, which was entered into the record by Ranking Member Chuck Grassley, R-Iowa.

Tuesday's hearing focused on data- and cybersecurity. Also on Tuesday, NAFCU President and CEO Dan Berger wrote the leaders of the House Energy and Commerce Subcommittee on Commerce, Manufacturing and Trade in advance of today's hearing on preventing data breaches.

"Financial institutions, including credit unions, have been subject to standards on data security since the passage of Gramm-Leach-Bliley," Berger wrote. "However, retailers and many other entities that handle sensitive personal financial data are not subject to these same standards, and they become victims of data breaches and data theft all too often. While these entities still get paid, financial institutions bear a significant burden as the issuers of payment cards used by millions of consumers."

The full Senate Banking Committee will hold another hearing on data security tomorrow, which NAFCU will monitor closely. The association was the first financial trade to seek hearings and legislation immediately following the Target breach.