WASHINGTON (2/4/15)--Federal data breach legislation must contain strong national data protections and consumer notification standards, combined with effective enforcement provisions, the Credit Union National Association emphasized in a letter submitted for the record of an upcoming hearing. 

The necessary standards were specified in a letter to members of the U.S. Senate subcommittee on consumer protection, product safety, insurance and data security, which will conduct a hearing on data breach legislation Thursday.

CUNA, with several other financial trade organizations, sent the letter to give its perspective on key elements that should be included in any legislative approach to data breaches.

The five principles are:

• trong national data protection and consumer notification standards with effective enforcement provisions applicable to any party with access to important consumer financial information;
• Banks and credit unions are already subject to robust data protection and notification standards. These Gramm-Leach-Bliley Act requirements must be recognized;
• Inconsistent state laws and regulations should be preempted in favor of strong federal data protection and notification standards;
• In the event of a breach, the public should be informed where it occurred as soon as reasonably possible to allow consumers to protect themselves from fraud. Banks and credit unions should be able to inform their customers and members about the information regarding the breach, including the entity at which the breach occurred; and
• The costs of a data breach should ultimately be borne by the entity that incurs the breach, since credit unions and banks bear a disproportionate burden in covering the costs of breaches occurring beyond their premises.

Credit unions have been subject to significant regulatory requirements and internal safeguards for the past 15 years. These include requirements to protect information and notify customers of a breach as well as federal oversight, examination and sanction authority.

"This extensive legal, regulatory examination and enforcement regime ensures that financial institutions robustly protect American's personal financial information," the letter reads. "In contrast, retailers that accept electronic payments face no similar requirements or oversight, and as a result millions of American consumers' personal financial information has been compromised in recent years."

CUNA and several trade organizations sent a letter to the House subcommittee on commerce, manufacturing and trade before a similar hearing, a letter that was entered into the official record.

There are currently a number of data breach bills circulating, but CUNA is pushing for more aggressive legislation that contains the principles mentioned above.

Stop the Data Breaches

Identity Theft: Who’s Got Your Number? electronic member seminar kit

Anytime Adviser ID Theft coach

Lock Down Your Smartphone drive-up envelope

Stop Identity Theft--customized lobby brochure

Stickley on Security

Awareness Technologies/CUNA Strategic Services

DH Compushare/CUNA Strategic Services

SilverSky/CUNA Strategic Services

TraceSecurity/CUNA Strategic Services