WASHINGTON–In the wake of the data breach involving Marriott hotels, NAFCU has sent a letter to members of the House Financial Services Committee and the Senate Banking Committee that reiterates its call for a national data security standard for entities that collect and store consumers’ personal and financial information.
The Marriott breach involves as many as 500 million people and includes personally identifiable and financial information, although, as CUToday.info reports elsewhere, it may not be financial account and Social Security numbers that the thieves find most valuable.
All such entities should be subject to the same stringent requirements as depository institutions, said NAFCU.
“While it may not help the millions of Americans that have been victimized by this breach, the time for Congress to act is now to prevent future breaches and harm to consumers,” the letter reads. “We would urge the Committee’s continued focus on this important topic and the need for addressing consumer data security issues in the remaining days of this Congress and in the new Congress.”
In its letter, NAFCU again pointed to a set of guiding principles it would like to see used in addressing any comprehensive cyber and data security effort. Those principles include:
- Payment of Breach Costs by Breached Entities
- National Standards for Safekeeping Information
- Data Security Policy Disclosure
- Notification of the Account Servicer
- Disclosure of Breached Entity
- Enforcement of Prohibition on Data Retention
- Burden of Proof in Data Breach Cases