WASHINGTON—CUNA, NAFCU and other trade organizations are highlighting what they say data breach legislation should look like to leadership of the House Energy and Commerce Committee in response to a request for comments on such legislation.
CUNA and NAFCU have stated they support strong national data security and breach notification requirements.
“Any legislation enacted into law must ensure that all entities that handle consumers’ sensitive financial data have in place a robust—yet flexible and scalable—process to protect data, which must be coupled with effective oversight and enforcement procedures to ensure accountability and compliance,” the letter to the committee reads. “This is an important step to limit the onslaught of breaches and reduce risks to consumers and the significant costs imposed on our members from breaches.
“This standard should apply to all entities that handle sensitive personal and financial data in order to provide meaningful and consistent protection for consumers nationwide,” the letter adds.
Specifically, CUNA said data breach legislation should:
-
Ensure that all entities are required to protect sensitive personal and financial data
-
In the event of a breach, require timely notification of consumers and impacted parties that are at risk
- Ensure compliance via appropriate federal and state oversight, recognizing existing federal obligations for the financial industry to both secure data and notify consumers of a breach and eliminate overlapping and inconsistent laws and regulations