150x172 Exam Survey Promo
print

Letter to House Committee on Financial Services Regarding H R 3997 the Financial Data Protection Act of 2005

Letters to Congress

Letter to House Committee on Financial Services Regarding H.R. 3997, the Financial Data Protection Act of 2005.

February 3, 2006

The Honorable Michael Oxley
U.S. House of Representatives
Chairman
House Committee on Financial Services
2308 Rayburn House Office Building
Washington, DC 20515
The Honorable Barney Frank
U.S. House of Representatives
Ranking Member
House Committee on Financial Services
2252 Rayburn House Office Building
Washington, DC 20515

Dear Chairman Oxley and Ranking Member Frank:

On behalf of the Credit Union National Association (CUNA), I would like to express our support for the House Financial Service Committee's commitment to move forward with data security legislation. We believe that this legislation is necessary to protect the interests of credit unions and consumers. CUNA represents more than 90 percent of America's 8,800 credit unions and their 87 million credit union members.

CUNA supports the uniform, national standards in H.R. 3997, the Financial Data Protection Act of 2005, to impose data security safeguards and notification requirements on a wide range of entities engaged in the business of collecting or handling sensitive personal financial information. Currently, the privacy and security requirements of the Gramm-Leach-Bliley Act (GLBA) only apply to financial institutions. Credit unions are already subject to detailed implementation rules in Sections 716 and 748 of the National Credit Union Administration's regulations.

Because credit unions and other regulated financial institutions are not the problem, CUNA urges the committee to ensure that new data protection legislation does not impose additional, unnecessary regulatory burdens on financial institutions already subject to GLBA requirements. Obviously, an alternative approach to that taken by H.R. 3997 would be to amend GLBA to broaden its coverage. However, we recognize the political reasons for not taking that approach.

The problem that any legislation must clearly address is the lack of data security by merchants and non-financial companies that accumulate or distribute personal financial information. These entities must have a legal duty to notify immediately the appropriate financial institutions of data breaches, something they are not doing now.

CUNA supports a uniform notice so that consumers can be educated about the significance of receiving such a notice and the steps to take in response. We support the proposed standard of "substantial harm or inconvenience" for triggering the notice requirement. In addition to the exception now stated in that definition, we suggest that the legislation clearly state that a breach involving properly encrypted data will not necessitate a consumer notice.

We believe that financial institutions, which will typically be the entities with the information on where to notify the consumer and with the vested interest in making sure that their members/customers understand how their information was compromised, will often be the ones doing the actual notification, even though a third-party was responsible for the data breach. Therefore, we hope that the committee will consider whether the bill should address who bears the costs of notification and the proposed six-month credit monitoring, rather than leaving such problems to contract negotiations or litigation. Contracts undoubtedly cannot adequately resolve this problem because the credit union or another financial institution typically will not have a contractual agreement directly with a merchant or other data collector responsible for a particular data breach.

CUNA looks forward to having the opportunity to discuss these points and other issues with the committee as you move forward with your consideration of data security legislation.

Sincerely.
Daniel A. Mica
President & CEO

Cc:The Honorable Steven LaTourette
The Honorable Darlene Hooley
The Honorable Michael Castle
The Honorable Deborah Pryce
The Honorable Dennis Moore
150x172_Annual Report 2013Unite for Good Share your StoriesData-Breach-150x172.jpg