Stringent data protection requirements is a hallmark of the financial services industry, but the lack of standards for other entities mean current data security and privacy laws do not work, CUNA wrote Friday. Its letter was sent to Senate Banking Committee leadership in response to an invitation of stakeholder feedback on collection, use and protection of personal information by financial regulators and private companies.
“Congress should not expect any data privacy law it may enact to succeed in providing the desired level of privacy if such legislation does not also require all businesses and originations that collect, use and house personally identifiable information (PII) to protect that data consistent with strong, federal security requirements,” the letter reads. “A federal data security standard is essential to provide Americans with the comfort and confidence that the information that they share with businesses and organizations will remain private and secure.”
As the Senate Banking Committee has jurisdiction over financial institutions, CUNA urges it to “work with other committees and the administration to address consumer data privacy and data security so that all Americans can feel confident that their personal information is protected from breach and will not be misused by any company that possesses it.”
CUNA advanced the following principles for federal privacy and data security legislation: