Removing Barriers Blog

CUNA supports SAFE DATA Act prior to Commerce Committee hearing
Posted September 22, 2020 by CUNA Advocacy

CUNA wrote to Chairman Wicker and Ranking Member Cantwell prior to the Senate Commerce Committee's data privacy hearing urging the Committee to enact meaningful data security and privacy legislation.

Last week, Senators Wicker, Thune, Fischer and Blackburn introduced the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act.  If enacted, the bill would simplify privacy and data security laws by a creating national standard which would add protections for all Americans while reducing compliance burdens stemming from compliance with many standards across the states.

“Data privacy and data security are major concerns for Americans given the frequency of reports of misuse of personally identifiable information (PII) data by businesses and breaches by criminal actors, some of which are state sponsored,” CUNA’s letter for the hearing reads. “Since 2005, there have been more than 11,700 data breaches, exposing more than 1.6 billion consumer records. These breaches have cost credit unions, banks and the consumers they serve hundreds of millions of dollars, and they have compromised the consumers’ privacy, jeopardizing their financial security.”

CUNA added that “it’s long past time” for Congress to enact meaningful data security and privacy legislation, and urged Congress to follow the following principles:

  • Any new privacy law should include both data privacy and data security standards. Congress should enact robust data security standards to accompany and support data privacy standards:
  • The new law should cover all business, institutions and organizations that collect, use or share personal data or information can misuse the data or lose the data through breach;
  • Any new law should preempt state requirements to simplify compliance and create equal expectation and protection for all consumers;
  • Breach disclosure and consumer notification are important, but these requirements alone won’t enhance security or privacy;
  • The law should provide mechanisms to address the harms that result from privacy violations and security violations, including data breach; and
  • More and more, data breaches that expose consumer PII are perpetrated by foreign governments and other rogue international entities, which calls for a strong federal response that ensures all involved in collecting, holding and using PII do so with the security of the information of paramount concern.