WASHINGTON—Testifying before the House Financial Services subcommittee Wednesday, credit Union CEO Debra Schwartz detailed the impact recent data breaches have had on credit unions and steps Congress can take to hold other entities to similar standards as financial institutions.
Schwartz, president and CEO of Mission Federal Credit Union in San Diego and NAFCU board treasurer highlighted credit unions' success in protecting members' personal information as a result of the Gramm-Leach-Bliley Act (GLBA). The act established consumer data protections for certain financial institutions and requires a regulator to examine credit unions and other depository institutions for compliance with those provisions.
However, Schwartz, testifying on behalf of NAFCU, noted that not all entities covered by GLBA, such as Equifax, are subject to compliance examinations. Schwartz urged Congress to create a national data security standard for entities not already subject to one and ensure compliance with such regulations. Doing so will protect consumers and create accountability for negligent entities, Schwartz said.
"Credit unions suffer steep losses in re-establishing member safety after a data breach occurs," Schwartz stated. "They are often forced to charge off fraud-related losses, many of which stem from a negligent entity’s failure to protect sensitive financial and personal information or the illegal maintenance of such information in their systems. Moreover, as many cases of identity theft have been attributed to data breaches, and as identity theft continues to rise, any entity that stores financial or personally identifiable information should be held to minimum federal standards for protecting such data."
Schwartz provided the subcommittee with data NAFCU has collected from members about data security concerns, as well as findings on possible solutions. She also outlined NAFCU's key data security principles and legislation the association supports to address data security concerns.
"There have been industry discussions underway amongst interested groups and we would urge the Committee to work with industry to introduce and advance a package to create a robust national data security standard that can be enacted into law. The time for action is now," Schwartz said.