WASHINGTON—Ahead of a House Financial Services Committee Task Force on Financial Technology hearing this week to examine the role of big data in financial services, NAFCU Vice President of Legislative Affairs Brad Thaler shared the trade association’s position security of a consumer's financial data is a major aspect of consumer privacy and protection.
The hearing comes as news broke that retailer Macy's has become the latest to be breached, affecting a small number of customers. According to reports, the compromise was a Magecart attack – a type of breach that compromises a website with malicious scripts to harvest payment information.
"While depository institutions have a national standard on data security since the passage of the Gramm-Leach-Bliley Act (GLBA) over two decades ago, other entities who handle consumer financial data do not have such a national standard," Thaler wrote. "That is why we believe that there is an urgent need for a national data security standard for entities that collect and store consumers’ personal and financial information that are not already subject to the same stringent requirements as depository institutions."
Other Issues
Thaler also outlined for the task force key issues that credit unions would like to see addressed in any comprehensive cyber and data security effort, including:
- Payment of breach costs by breached entities
- National standards for safekeeping information
- Data security policy disclosure
- Notification of the account services
- Disclosure of breached entity
- Enforcement of prohibition on data retention
- Burden of proof in data breach cases