WASHINGTON (2/6/15)--Members of the U.S. Senate subcommittee on consumer protection, product safety, insurance and data security discussed the potential of using security specifications in the Gramm-Leach-Bliley Act (GLBA) as a model for building a national data security standard, in a hearing Thursday.
The GLBA contains language that allows it to preempt existing state laws to create a more uniform security standard, which CUNA and members of Congress have said needs to be an integral part of data breach legislation.
"I think Gramm-Leach-Bliley offers a potential model here," said Sen. Richard Blumenthal (D-Conn.), the subcommittee's ranking member. He added that the preemption aspect of the law might prove to be common ground upon which to build data breach legislation.
CUNA continues to advocate that, beyond simply preemption, the strict security standards laid out for financial institutions in the GLBA should be applied to merchants as well. CUNA signed a joint letter sent to the subcommittee before this hearing, as well as before a similar hearing conducted by a House subcommittee last week, outlining the principles that should be present in any potential legislation.
Subcommittee Chair Sen. Jerry Moran (R-Kan.) said the need for federal action in the face of increasing data breaches becomes clearer each day.
"While Congress has developed sector-specific data security requirements for both financial institutions and companies that handle particular types of health information, Congress has been unable to reach consensus on the development of a national data security and data breach notification standard," Moran said.
"As a result, states have taken on this task by developing their own standards, and as of today, businesses are subjected to a patchwork of over 50 different state, district and territory laws that determine how businesses must notify consumers in the event of a breach."
In addition to federal security and notification standards, CUNA is pushing for parties who are breached to bear the costs resulting from the data breaches. According to CUNA surveys last year, data breaches at Home Depot and Target alone cost credit unions more than $90 million.