Data breaches aren’t going away, definitive steps needed

February 25, 2020

CUNA President/CEO Jim Nussle considered it “gob-smacking” that nothing might be done this year to address the growing need to protect consumers’ personal information. In an op-ed appearing in The Hill Tuesday about the lack of Congressional action on data privacy and security, Nussle notes the numerous apps, gadgets, websites and other service providers that are increasing in number and collecting consumer data, but no work on a national data security framework.

“There are thousands of entities out there connecting dots to build profiles on us that can either be used to sell us products or sold to inform others who want to sell us products,” Nussle writes. “While we as a society have all but resigned ourselves to the realities of contemporary marketing, what happens when that data—and worse, the sensitive data that companies store, like payment accounts, social security number and health and wellness records—is accessed by actors beyond the intended aggregator?”

Nussle highlights that it was just this month that reports emerged that the Chinese military is linked to the 2017 Equifax data breach that affected one in four Americans.

“This isn’t meant to be alarmist but is instead meant to underscore matter that Congress can take quick, broad-reaching steps to address... We need Congress to pass legislation that sets a strong national data security and privacy standard that considers the data collected, not the collector of that data,” he writes. “That is, whether you’re collecting and storing consumer data for a credit union, a school, or a local shop owner, that data must be treated the same, irrespective of the institution’s business model.”

The confusing, patchwork of data privacy and security laws around the country both increase compliance costs for businesses and creates “glaring loopholes” for bad actors, Nussle says.

“This problem is clearly not going away, but our lawmakers have it in their grasp to take the most definitive step to date to protect all of us. Until they act, let’s continue to call for all data to be held equally through a strong, sweeping data security and privacy bill,” he writes.