WASHINGTON—A House subcommittee held a hearing this week to explore possible legislative solutions to reform the nation's data security system.
Ahead of the hearing, NAFCU Vice President of Legislative Affairs Brad Thaler sent a letter reiterating the principles credit unions would like to see addressed in any comprehensive data security legislation, and providing the association's thoughts on data security bills before the subcommittee.
Witnesses who testified at the hearing, held by the House Financial Services Subcommittee on Financial Institutions and Consumer Credit, represented the state of Massachusetts, the Consumer Data Industry Association, the Information Technology Industry Council and the Financial Services Roundtable. NAFCU attended the hearing.
Draft legislation being worked on by Subcommittee Chairman Blaine Luetkemeyer (R-MO) and Rep. Carolyn Maloney (D-NY) was one of two bills that were the focus of the hearing. The draft bill builds on provisions from the Data Security Act of 2015, which would have created a strong national data security standard for retailers, held them accountable for breaches on their end and recognized credit unions’ compliance with the Gramm-Leach-Bliley Act.
In his letter to the subcommittee, Thaler wrote that NAFCU "appreciate[s] that the legislation maintains the status quo on the ability of credit unions to take a private right of action to recoup the costs suffered in a data breach." He provided some suggestions to strengthen the draft legislation.
The subcommittee also discussed the Promoting Responsible Oversight of Transactions and Examinations of Credit Technology Act (HR 4028), which NAFCU supports, Thaler wrote, as it would "help address some of the concerns about the gaps in regulation of large credit rating agencies."