Congress has latched on to the matter and has been furiously introducing and moving legislation with about 10 bills circulating between the two chambers. "Nobody knows right now what's going on," NAFCU Associate Director of Legislative Affairs Debbie Kwon-Moore explained. On May 11, a House Judiciary subcommittee held a hearing on its own bill, Cyber-Security Enhancement and Consumer Data Protection Act of 2006 (H.R. 5318), and a markup was slated for May 18. This bill focused mainly on the investigation, prosecution and penalties for cyber-crimes and stealing personal information.
However, NAFCU favors the legislation that came out of the House Financial Services Committee, the Financial Data Protection Act of 2005 (H.R. 3997), which gives consumer reporters-those handling personal information to assemble or evaluate for consumer reports, payments or employment purposes, and facilitates interstate commerce-"an affirmative obligation" to protect the information against unauthorized use "reasonably likely" to bring "harm or inconvenience" to the consumer, according to a bill summary. It also prescribes guidelines on investigations, third party duties, consumer notice, fraud mitigation, and free file monitoring.
"It's those entities that aren't regulated that should be focused on," Kwon-Moore said, such as the retailers. The legislative frenzy was born out of a few highly publicized data security breaches, like at BJ's Wholesale Club, where retailers held on to consumer information that they should not have.
Recommended For You
She added that she was not sure "whether or not [Congress] will scramble to do something quickly before elections or introduce something as a place-holder for next Congress."
There is not much doubt in John McKechnie's mind that a bill will come out of Congress before the session is over. While the director of NCUA's Office of Public and Congressional Affairs explained that the agency is not endorsing any one bill, it was "very active" in the Financial Services Committee's bill.
McKechnie pointed out that NCUA was able to work rulemaking authority in H.R. 3997, parallel to the other federal financial regulators, that it was not afforded in the Gramm-Leach-Bliley Act. He emphasized that it is important that credit unions fall under regulations that are "understandable, practical and useful" given that they are so structurally and operationally different than other financial service providers.
Though McKechnie is confident that something will be sent to the president's desk this year, what form it will take is anyone's guess. He noted that while the agency got its rulemaking provisions in the Financial Services Committee bill, he is still working to make all the committees aware of NCUA's issue.
There is also a bill in the House Energy and Commerce Committee, The Data Accountability and Trust Act (H.R. 4127), that would give enforcement authority to the Federal Trade Commission in conjunction with the states' attorneys general, according to Kwon-Moore. She said this extra layer of authority "dilutes everything" and would only confuse consumers and financial institutions on who to contact for what.
She added that the hold up on any movement in the Senate is that the body is waiting for the Senate Banking Committee to introduce legislation.
© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
