WASHNGTON—NAFCU once again is urging Congress to establish national standards for data security.
NAFCU sent a letter to leaders of a House Science, Space, and Technology subcommittee ahead of a hearing Tuesday on the issue. The hearing, Strengthening U.S. Cybersecurity Capabilities, was held by the Subcommittee on Research and Technology.
Brad Thaler, NAFCU’s vice president of legislative affairs, told subcommittee Chairwoman Barbara Comstock (R-VA) and Ranking Member Daniel Lipinski (D-IL) that financial institutions, including credit unions, have been subject to federal standards on data security since the passage of the Gramm-Leach-Bliley Act. Yet, retailers and many other entities that handle sensitive personal financial data are not subject to these same standards.
“Americans’ sensitive financial and personally identifiable information will only be as safe as the weakest link in the security chain,” he wrote.
Thaler noted that credit unions often suffer steep losses in re-establishing member safety and security after a data breach because they have to absorb fraud-related losses, “many of which stem from a negligent entity’s failure to protect sensitive financial and personal information in their systems.”
He cited results of a Gallup poll conducted Oct. 5-9, 2016, that found for the third consecutive year that 69% of U.S. adults are frequently or occasionally concerned about having their credit card information stolen by hackers.
He urged Comstock and Lipinski to support and consider legislation that would create national data security standards, akin to the “Data Security Act of 2015” (HR 2205). That bill passed the 114th Congress’ House Financial Services Committee with a strong bipartisan vote of 46-9.