WASHINGTON (2/4/15)--Federal data breach legislation must contain strong national data protections and consumer notification standards, combined with effective enforcement provisions, the Credit Union National Association emphasized in a letter submitted for the record of an upcoming hearing.
The necessary standards were specified in a letter to members of the U.S. Senate subcommittee on consumer protection, product safety, insurance and data security, which will conduct a hearing on data breach legislation Thursday.
CUNA, with several other financial trade organizations, sent the letter to give its perspective on key elements that should be included in any legislative approach to data breaches.
The five principles are:
Credit unions have been subject to significant regulatory requirements and internal safeguards for the past 15 years. These include requirements to protect information and notify customers of a breach as well as federal oversight, examination and sanction authority.
"This extensive legal, regulatory examination and enforcement regime ensures that financial institutions robustly protect American's personal financial information," the letter reads. "In contrast, retailers that accept electronic payments face no similar requirements or oversight, and as a result millions of American consumers' personal financial information has been compromised in recent years."
CUNA and several trade organizations sent a letter to the House subcommittee on commerce, manufacturing and trade before a similar hearing, and that letter was entered into the official record.
There are currently a number of data breach bills circulating, but CUNA is pushing for more aggressive legislation that contains the principles mentioned above.