WASHINGTON—Congress is again being urged to deliver a national data security standard for entities that collect and store consumers' personal and financial information that are not already subject to the same stringent requirements as depository institutions.
NAFCU's Brad Thaler made the request in a letter to House Speaker Paul Ryan (R-WI) and Minority Leader Nancy Pelosi (D-CA).
Thaler, NAFCU's vice president of legislative affairs, was responding to a House Oversight and Government Reform Committee report on the Equifax data breach released last week, which determined that the incident could have been prevented.
"NAFCU believes that when a breached entity knew or should have known about a threat, and fails to act to mitigate it, the negligent company must be held financially liable," Thaler said.
He further detailed credit unions' efforts to make members whole following data breaches that compromise personal financial information, which ultimately lead the credit union – and therefore its members – to absorb fraud-related losses.
Thaler also repeated NAFCU's belief that credit bureaus should be examined for compliance with the Gramm-Leach-Bliley Act (GLBA). He outlined again for Congress the principles credit unions would like to see addressed in any comprehensive cyber and data security legislation.