WASHINGTON—NAFCU is again calling for a stronger national data security standard under which companies that maintain consumers' financial records are incentivized to protect the data.
The trade association has sent a letter to the Senate Banking Committee ahead of its hearing on consumer data security at the credit bureaus.
The hearing is further follow-up to the Equifax data breach that affected potentially more than 145-million Americans.
In the letter to Senate Banking Chairman Mike Crapo (R-ID) and Ranking Member Sherrod Brown (D-OH), NAFCU Executive Vice President of Government Affairs and General Counsel Carrie Hunt wrote that credit reporting agencies already subject to parts of the Gramm-Leach-Bliley Act (GLBA), like Equifax, should be subject to the same regulatory requirements as depository institutions.
"Negligent entities should be held financially liable for any losses that occurred due to breaches on their end so that consumers aren't left holding the bag," Hunt said. "When a breach occurs at a credit bureau, depository institutions should be made aware of the breach as soon as practicable so they can proactively monitor affected accounts. Furthermore, compliance by credit bureaus with GLBA and these notification requirements should be examined for, and enforced by, a federal regulator.
"Finally, any new rules or regulations to implement these recommendations should recognize credit unions' compliance with GLBA and not place any new burdens on them," Hunt continued.
NAFCU emphasized that it has been a leading advocate for a national data security standard that holds all entities that handle personal financial data to the same standards as credit unions and other depository institutions under the GLBA. It has repeatedly called for action to ensure that credit unions do not bear the cost of negligent data practices by entities like Equifax.
CUNA CEO Jim Nussle has similarly sent a letter to the Senate on the issue of data security.
Noting the Equifax breach “has harmed and will harm credit unions and their members,” Nussle went on to say, “As egregious as this particular instance was, it’s important to remember that it is only the last in a long string of massive data breaches affecting consumers. Big box retailers, other merchants, and insurance companies have all been breached in recent memory. And the risk is not limited to the private sector, either. Many in Congress will recall significant breaches in recent years of personal information at the Office of Personnel Management and the Internal Revenue Service. Bearing these in mind, the massive collection of personal data being conducted as we speak by the Consumer Financial Protection Bureau (CFPB) should also give lawmakers and consumers pause.
“As this Committee works to shed light on the impact of the Equifax breach and to ensure consumers are not at further risk, we encourage you and your colleagues to consider the risk to consumers’ personal data in other sectors of the economy, including the retail sector, as well as at federal agencies like the CFPB,” Nussle said.