SAFE DATA Act would create national security, privacy standard

September 23, 2020



CUNA supports the Setting an American Framework to Ensure Data Access, Transparency, and Accountability (SAFE DATA) Act introduced Wednesday in conjunction with a Senate Commerce Committee hearing. The bill would simplify privacy and data security laws by a creating national standard which would add protections for all Americans while reducing compliance burdens stemming from compliance with many standards across the states.

“Data privacy and data security are major concerns for Americans given the frequency of reports of misuse of personally identifiable information (PII) data by businesses and breaches by criminal actors, some of which are state sponsored,” CUNA’s letter for the hearing reads. “Since 2005, there have been more than 11,700 data breaches, exposing more than 1.6 billion consumer records. These breaches have cost credit unions, banks and the consumers they serve hundreds of millions of dollars, and they have compromised the consumers’ privacy, jeopardizing their financial security.”

CUNA added that “it’s long past time” for Congress to enact meaningful data security and privacy legislation, and urged Congress to follow the following principles:

  • Any new privacy law should include both data privacy and data security standards. Congress should enact robust data security standards to accompany and support data privacy standards.
  • The new law should cover all business, institutions and organizations that collect, use or share personal data or information can misuse the data or lose the data through breach;
  • Any new law should preempt state requirements to simplify compliance and create equal expectation and protection for all consumers;
  • Breach disclosure and consumer notification are important, but these requirements alone won’t enhance security or privacy;
  • The law should provide mechanisms to address the harms that result from privacy violations and security violations, including data breach; and
  • More and more, data breaches that expose consumer PII are perpetrated by foreign governments and other rogue international entities, which calls for a strong federal response that ensures all involved in collecting, holding and using PII do so with the security of the information of paramount concern.


Cyber Liability and Intelligence, a member benefit recorded webinar