WASHINGTON—Congress needs to take action on data security in order to ensure consumers’ data privacy, according to CUNA, which has submitted a letter outlining concerns in advance of a data privacy hearing held by a Senate Energy and Commerce subcommittee.
“Credit unions strongly support the enactment of a national data security and data privacy law that includes robust security standards that apply to all who collect or hold personal data and is preemptive of state laws,” the letter reads. “We firmly believe that there can be no data privacy until there is strong data security.”
CUNA noted the more than 10,000 data breaches exposing nearly 12 billion consumer records since 2005, have cost credit unions—and their members—hundreds of millions of dollars, and jeopardized consumers’ privacy and financial security.
‘Loopholes Must End’
“While this extensive legal and regulatory examination and enforcement framework ensures that credit unions robustly protect consumers’ personal financial information, this safety net only extends to financial institutions,” the letter adds. “As consumers’ personal information is disseminated to third parties, those protections end and credit unions and their members are adversely impacted by the lax data security standards at other businesses. These loopholes must end and a comprehensive data security and privacy framework that covers all entities that that collect consumer information and is preemptive of state laws must be established and this standard must hold those who jeopardize that data accountable through enforcement.”
Additional Recommendations
CUNA called on the committee and Congress to follow the following principles for federal privacy and data security legislation:
- New privacy and data security laws should keep financial services’ robust data and privacy requirements under the Gramm-Leach-Bliley Act in place
- Any new privacy law should include both data privacy and data security standards
- The new law should cover all businesses, institutions and organizations
- Any new law should preempt state requirements to simplify compliance and create equal expectation and protection for all consumers
- Breach notification or disclosure requirements are important, but they are “akin to sounding the alarm after the fire has burned down the building”
- The law should provide mechanisms to address the harms that result from privacy violations and security violations, including data breach
- Recognize this issue for what it is: a national security issue
Feeling the FOMO Fever? CUToday.info Has a Prescription
Are you missing out on the latest news in credit unions? Missing the trends and developments you need to be aware of? We can help. Each morning CUToday.info delivers its daily Fresh Today news update offering the latest headlines and breaking news right to your email, with the easy-to-read headlines format allowing you to click on the stories that interest you most in order to learn more.
And it’s free!
If you haven’t yet signed up for the new email solution on which CUToday.info has partnered with ResponseGenius, you can do so here. Signing up requires less than one minute of your time—and it’s free!
Please note that after signing up you may need to go to your Spam/Junk folder and mark the morning headlines email as safe. CUToday.info does not provide its list of readers and emails to outside parties, and we will not be contacting you to sell you an extended warranty or sending you any links so you may cash in on an inheritance you didn’t know was coming.
And did we mention it’s free?
Please note and/or make your IT department or email administrator aware the emails will be coming from the domains CUTodayinfo.com and CUTodayinfoReply.com