Lack of national data security, privacy law hurting consumers

November 3, 2021

Data privacy and security continues to be a major concern for consumers and credit unions, CUNA wrote to a House Financial Services subcommittee Wednesday for its hearing on cyberthreats.

“Credit unions strongly support the enactment of a national data security and data privacy law that includes robust security standards that apply to all who collect or hold personal data and is preemptive of state laws,” the letter reads. “We firmly believe that there can be no data privacy until there is strong data security.

With that in mind, credit unions call on Congress to pass a robust national data security standard that would cover all entities that collect consumer information and hold those who jeopardize that data accountable through regulatory enforcement,” it adds. “Securing and protecting consumer data is important not only for their individual financial health but as a further safeguard against rogue international agents and interference by foreign governments.”

CUNA notes there have been more than 10,000 data breaches exposing nearly 12 billion consumer records since 2005, costing credit unions and consumers hundreds of millions of dollars while jeopardizing privacy.

Credit unions call on the committee and Congress to follow the following principles for federal privacy and data security legislation:

  • New privacy and data security laws should keep the Gramm-Leach-Bliley Act (GLBA) intact, as financial services their regulators have developed regulations, guidance and procedures for compliance.
  • Any new privacy law should include both data privacy and data security standards.
  • The new law should cover all businesses, institutions and organizations.
  • Any new law should preempt state requirements to simplify compliance and create equal expectation and protection for all consumers.
  • Breach notification or disclosure requirements are important, but these requirements alone
  • won’t enhance security or privacy
  • Hold entities that jeopardize consumer privacy and security accountable through regulatory
  • enforcement
  • Recognize this issue for what it is: a national security issue.