CUNA urged Congress to take action on data security in order to ensure consumers’ data privacy, and submitted a letter outlining concerns in advance of a Thursday data privacy hearing, held by a Senate Energy and Commerce subcommittee.
“Credit unions strongly support the enactment of a national data security and data privacy law that includes robust security standards that apply to all who collect or hold personal data and is preemptive of state laws,” the letter reads. “We firmly believe that there can be no data privacy until there is strong data security.”
CUNA noted the more than 10,000 data breaches exposing nearly 12 billion consumer records since 2005, costing credit unions – and their members - hundreds of millions of dollars, and jeopardizing consumers’ privacy and financial security.
“While this extensive legal and regulatory examination and enforcement framework ensures that credit unions robustly protect consumers’ personal financial information, this safety net only extends to financial institutions,” it adds. “As consumers’ personal information is disseminated to third parties, those protections end and credit unions and their members are adversely impacted by the lax data security standards at other businesses. These loopholes must end and a comprehensive data security and privacy framework that covers all entities that that collect consumer information and is preemptive of state laws must be established and this standard must hold those who jeopardize that data accountable through enforcement.”
CUNA called on the committee and Congress to follow the following principles for federal privacy and data security legislation: