March 18, 2019

Thaler outlines data security needs to Crapo, Brown

data securityNAFCU Vice President of Legislative Affairs Brad Thaler, responding to a request from Senate Banking Committee Chairman Mike Crapo, R-Idaho, and Ranking Member Sherrod Brown, D-Ohio, offered the association's perspective on what should be included in legislation to establish a national data security standard.

Read Thaler's response here.

NAFCU has long been active with lawmakers on this issue, and was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system. The association continues to stress the need for a data security standard for entities that collect and store consumers' personal and financial information that are not already subject to the same stringent requirements as depository institutions.

Thaler provided detail responses to questions regarding what could be done through legislation, regulation, or by implementing best practices to ensure consumers have control over their data, are notified of breaches in a timely manner, know what data is being collected and how it's used, how collected data impacts credit score reports.

Included in the responses were the guiding principles NAFCU and credit unions would like to see incorporated in data security legislation, primarily to ensure consumers are informed of what data is retained and how it's protected, timely disclosure of breaches, and that negligent entities are held responsible when a data breach occurs on their end. He also reiterated that credit bureaus should be examined for compliance with the Gramm-Leach-Bliley Act (GLBA).

Crapo earlier this year published a column saying that "data privacy and data security legislation will remain a priority in the 116th Congress" and that he will pursue "legislative solutions that would give consumers more control over and enhance the protection of consumer financial data, and ensure consumers are notified of breaches in a timely and consistent manner." Data security is on both the House Financial Services and Senate Banking Committees' agendas.

Thaler also recently shared the association's principles for a strong national data security standard ahead of hearings held by the Senate Commerce Committee and a House Energy and Commerce subcommittee.

NAFCU will continue to engage with lawmakers on this issue and work to ensure credit unions' principles are included in any data security solution.