WASHINGTON—Members of the Senate Commerce, Science, and Transportation Committee indicated their support of a national data security standard during another congressional hearing on consumer data security in the wake of the massive Equifax data breach.
Committee Chairman John Thune (R-SD), in his opening statement, called for a national standard for data security. However, Thune acknowledged that Equifax is held to the standards of Gramm-Leach-Bliley Act (GLBA) and suggested that the act may need strengthening, NAFCU reported.
Committee Ranking Member Bill Nelson (D-FL) also called for expanding the Federal Trade Commission's authority in order to write rules requiring commercial sector to protect data with a national standard, NAFCU said.
In a letter sent to Thune and Nelson prior to the hearing, NAFCU Vice President of Legislative Affairs Brad Thaler wrote that credit reporting agencies already subject to parts of the GLBA, like Equifax, should be subject to the same regulatory requirements as depository institutions. Additionally, NAFCU has worked to ensure that any congressional action to improve data security standards do not place additional regulatory burdens on credit unions.
Witnesses at the hearing included executives from Equifax, Yahoo!, Verizon Communications Inc. and Entrust Datacard Corp. It was first time Equifax's current CEO testified on the issue before Congress.
NAFCU stressed that it has been a leading advocate for a national data security standard that holds all entities that handle personal financial data to the same standards as credit unions and other depository institutions under the Gramm-Leach-Bliley Act (GLBA). It has repeatedly called for action to ensure that credit unions do not bear the cost of negligent data practices by entities like Equifax.
Last week, NAFCU recommended ways for Congress to create a national data security standard and greatly minimize the number and impact of data breaches during the association's eighth testimony before Congress. NAFCU said it will continue to monitor congressional action related to data security and engage with lawmakers to ensure negligent entities – rather than consumers or credit unions – are held liable.