WASHINGTON—Both CUNA and NAFCU are calling again on Congress to act on data security and privacy, and to apply laws to all businesses and entities that collect, house or otherwise possess information.
The trade groups have sent letters to the Senate Banking and House and Energy and Commerce Committees this week.
CUNA’s letters state that Congress must address data security in order to provide consumers with data privacy.
“There is an urgent need for Congress to act to set a federal data privacy standard. The American consumer is under attack and current federal law leaves the door open for criminals, terrorist organizations and foreign governments to steal payment and other personally identifiable information to the benefit of their illicit activity,” the letters read. “Taking a narrow view that this debate is about Facebook, Amazon and Google would be a grave mistake. There is no way for Congress to provide consumers with the data privacy they need without enacting robust data security standards that are preemptive of state law and apply to everyone.”
CUNA is calling on Congress to:
- Treat data privacy as a national security issue, since there have been more than 10,000 data breached in the U.S. since 2005, compromising nearly 12 billion consumer records. Many of these breaches are being perpetrated by foreign governments, domestic organized crime syndicates and rogue international actors using the data to fund illicit activities
- Fix the weak links in the system, meaning requiring all entities that hold and use consumer data be subject to strong federal data security requirements
- Set a strong federal standard that preempts state laws, removing the current patchwork of various state laws, regulations and requirements that provide uneven protection and require numerous compliance resources
NAFCU Message to Congress
Also this week, during a Senate Banking Committee hearing focused on privacy and data collection, witnesses cited the need for stronger data governance standards. The hearing was the first in a series to examine what should be included in legislation to establish a national data security standard.
In a letter sent ahead of the hearing, NAFCU Vice President of Legislative Affairs Brad Thaler reiterated the guiding principles NAFCU and credit unions would like to see incorporated in data security legislation. The principles include the need to ensure consumers are informed of what data is retained and how it's protected, timely disclosure of breaches, and that negligent entities are held responsible when a data breach occurs on their end.
Much of hearing’s discussion focused on the European Union's General Data Protection Regulation (GDPR). The panel of witnesses agreed that measures must be taken to stop cyber-attacks from growing. The panel also noted that the economic basis for the internet is mass surveillance, with companies seeking to get as much information from people as possible and having much success doing so thanks to overly complicated consent forms, NAFCU reported.