Thaler: Collaboration needed on data security, privacy
Ahead of yesterday's Senate Banking Committee data privacy hearing, NAFCU Vice President of Legislative Affairs Brad Thaler reiterated the need for national data security and privacy standards and urged members to work collaboratively with other Senate committees to "find a package that can advance and receive bipartisan support."
During the hearing, the committee discussed approaches to data privacy, the impact on the financial services industry and how companies collect and use information in marketing and decision-making.
"Financial regulators are not the only ones engaged in big data collection; private companies are also collecting, processing, analyzing and sharing considerable data on individuals," noted Committee Chairman Mike Crapo, R-Idaho, in his opening remarks. "The data ecosystem is far more expansive, granular and informative than ever before."
Throughout the hearing, a number of lawmakers and witnesses discussed data privacy and ownership concerns as they relate to the Fair Credit Reporting Act (FCRA). Amendments to the FCRA could potentially affect financial institutions' operations.
NAFCU – a leader in calling for a national data security standard – has advocated for safeguards to ensure that negligent entities are held accountable for data exposures and that consumers have control over their data and are notified of breaches in a timely manner. The association believes that all entities – not just financial institutions – that handle consumer information must comply with comprehensive federal data protection standards.
"While depository institutions have had a national standard on data security since the passage of the Gramm-Leach-Bliley Act (GLBA) over two decades ago, other entities who handle consumer financial data do not have such a national standard," wrote Thaler. "Along those same lines, we also believe that there is a need for a uniform national consumer data privacy standard as opposed to a patchwork of standards stemming from different state data privacy laws."
The committee also examined the European Union's General Data Protection Regulation (GDPR) in comparison to the previous 1995 Data Protection Directive as an example of broader-scope regulation. The substantive requirements of the GDPR, how they differ from existing U.S. mandates and credit unions' approach to it were outlined in an edition of the NAFCU Compliance Monitor published last summer.
NAFCU's Regulatory Committee has previously discussed the GDPR and other issues on privacy, including the proposed rule on the California Customer Privacy Act (CCPA) that intends to establish procedures to facilitate consumers' rights and provide guidance to businesses on how to comply with the law. At least 10 states have introduced draft bills to impose obligations on businesses to provide consumers with more control of their personal data.
The association has long been active with lawmakers on the issue of data security and was the first group after the massive 2013 Target data breach to call for a legislative solution to reform the nation's data security system.