Credit unions are leading the call for data security legislation because they are “painfully aware” of how lax security can harm individuals’ financial security, CUNA Senior Director of Advocacy Lance Noggle wrote in Credit Union Times Friday. Since 2005, over 1.5 billion consumer records have been exposed through nearly 10,000 data breaches.

“While leaders in Congress are busy discussing ways to keep our data out of the hands of Big Tech, they ignore the all too real threat posed by everyday bad actors illegally obtaining and misusing data for profit and exploitation. It’s time for Congress to realize that we can’t have data privacy without data security,” Noggle writes. These two concepts are often conflated, but it’s important to recognize the difference to ensure that both are accounted for when fixing this growing problem.

“Data privacy looks at the ways that data is legally collected, stored, used and destroyed, and how that is disclosed to the public. Data security, on the other hand, is the protection of that data from nefarious actors,” he adds.

Noggle notes that many consumers are familiar with the inconvenience of replacing compromised payment cards, but “the truly insidious risk is when a security breach is undetected, and a sophisticated hacker goes on to use machine learning tools to piece together bits of a person’s identity from multiple sources to create a false identity.”

He cites legislation such as the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act that holds financial institutions and medical providers to legal consumer data protection obligations.

“Credit unions understand that there’s a lot to consider in data security and privacy reform. As cooperatives that are dedicated to serving our members, we will do all that we can to protect data. The problem is that we can’t safeguard this data alone. So many others come into contact with our members’ data, and we want these guardians to feel the same sense of responsibility that we feel,” he writes.

“Creating a standard that protects Americans in every rural town, city and state across the country is of paramount importance. We can no longer do nothing. We’ve tried nothing, and it has only made this country and its people exceptionally vulnerable. It’s imperative to protect the privacy of data. But without data security, even the most robust privacy structure is simply erased,” Noggle adds.