Removing Barriers Blog

CUNA and Trades Write to Subcommittee Chairman re: Data Breach Legislation
Posted August 01, 2018 by CUNA Advocacy

CUNA joined other financial trade associations in sending a letter to Chairman Latta of the Subcommittee on Digital Commerce and Consumer Protection.  In the letter, the trades wrote about how major merchant data breaches continue to put millions of consumers at risk.

The letter highlights principles the trades believe should be part of any data breach bill:

  • A flexible, scalable standard equivalent to what is in the Gramm-Leach-Bliley Act (GLBA) for data protection that factors in the size and complexity of an organization, the cost of available tools to secure data and the sensitivity of the personal information an organization holds. It should also guarantee that small organizations are not burdened by excessive requirements;
  • A GLBA equivalent notification regime requiring timely notice to impacted consumers, law enforcement, and applicable regulators when there is a reasonable risk that a breach of unencrypted personal information exposes consumers to identity theft or other financial harm;
  • Consistent, exclusive enforcement of the new data security and notification national standard by the Federal Trade Commission (FTC) and state Attorneys General; and
  • Clear preemption of the existing patchwork of often conflicting and contradictory state laws for all entities that follow this national data security and notification standard.

The letter notes that this robust, yet flexible and scalable data standard, should be coupled with effective oversight and enforcement procedures to ensure accountability and compliance.

CUNA launched its latest Member Activation Program campaign, Stop the Data Breaches, last week to push credit unions to activate their members to contact Congress about the need for data breach legislation.