WASHINGTON (5/15/15)--Many representatives and witnesses at a U.S. House Financial Services Committee hearing on data security Thursday agreed: the strong data security standards spelled out for financial institutions by the Gramm-Leach-Bliley Act (GLBA) would help stop data breaches if applied universally.
CUNA is a strong advocate for applying those standards to other entities, particularly merchants that handle consumer data.
Tim Pawlenty, former congressman and governor and current president/CEO of the Financial Services Roundtable, said applying GLBA standards to other sectors would decrease overall risk, as it has done for credit unions and banks of all sizes.
“A flexible standard that is adaptable to both the size of the entity and the changing nature of data security technology is the most common-sense approach,” he said. “Such a standard has served the financial service sector and its customers well.”
Rep. Carolyn Maloney (D-N.Y.) asked if GLBA standards have been overly burdensome to small financial institutions, and Pawlenty said it has not been, indicating that a similar standard would not be too overly burdensome for small businesses.
Rep. Robert Pittenger (R-N.C.) said he believes the Data Security Act of 2015 (H.R. 2205), which CUNA supports, allows for the development of a comprehensive data breach program that can be appropriately flexible as to be scaled to different entity sizes.
Others witnesses on the panel, said they believed H.R. 2205 would provide a good framework for data security.
“I believe H.R. 2205 is the ideal vehicle for identifying inconsistent and incompatible state laws to address how we let consumers know when something goes wrong,” said Jason Oxman, CEO of the Electronic Transactions Association.
In his written testimony, Pawlenty outlined four principles that should guide any legislation, principles that closely align with those CUNA and other financial trade organizations sent to Congress in February.
Witness Brian Dodge, from the Retail Industry Leaders Association, argued against the standards being applied to the retail industry saying the current environment should remain, and that enforcement by the Federal Trade Commission is adequate.
However, according to the Identity Theft Research Center, the retail sector accounts for the most data breaches, nearly 40% of breaches in 2015.
For more data security coverage, see “CUNA: Data security debate should be about protecting consumers” in today’s News Now.