NAFCU Pushes for Data Security Legislation as Cyber Security Bills Advance
However, NAFCU broke from the pack, urging House leaders to also address issues of concern to credit unions.
CUNA signed a letter in support of the bills passed Tuesday that was also signed by banking and payments trade associations.
"Our nation's cyber security requires the active participation of the government, business and every consumer. We believe these bills encourage the participation of all, while providing the tools to defend against cyber threats by funding research and development activities," the letter said.
NAFCU, however, did not sign the letter. Vice President of Legislative Affairs Brad Thaler said NAFCU’s exclusion from the letter does not mean the trade’s position differs from others in the industry; but rather that NAFCU wanted to emphasize the importance of legislation that also addresses data security.
NAFCU’s letter, penned by Thaler, noted that while credit unions have been subjected to data security standards since the passage of the Gramm-Leach-Bliley Act, retailers are not. As a result, Thaler said, credit unions are often forced to charge off fraud-related losses, many of which stem from a negligent entity’s failure to protect sensitive information.
He urged House leaders to hold any entity that stores financial or personal data to minimum standards of protection.
NAFCU further recommended in the letter that the House consider additional data security issues as it tackles the broad topic of cyber security, including holding retailers and others financial liable for the cost of breaches and requiring merchants to display consumer disclosures regarding data security risk.
The bills will now advance to the Senate. One of the bills, The Cybersecurity Enhancement Act, will likely be vetoed by President Obama due to privacy issues. That bill, H.R. 756, is similar to 2012’s Cyberintelligence Sharing and Protection Act, which also passed the House but did not advance in the Senate, due to Obama’s veto threat.
The other two bills are H.R. 967, The Advancing America's Networking and Information Technology Research and Development Act, which concerns the National High-Performance Computing Program, and H.R. 1163, The Federal Information Security Amendments Act, which would require federal agencies to comply with National Institute of Standards and Technology computer standards.