In a letter to the House Science, Space, and Technology subcommittee, Brad Thaler, NAFCU vice president of legislative affairs, said that while financial institutions are subject to federal data security standards since the Gramm-Leach-Bliley Act was passed in 1999, retailers and other businesses are not.
“Americans’ sensitive financial and personally identifiable information will only be as safe as the weakest link in the security chain,” Thaler wrote to subcommittee chair Barbara Comstock (R-VA) and ranking member Daniel Lipinski (D-IL).
The letter was sent ahead of the Feb. 14 hearing by the Subcommittee on Research and Technology, “Strengthening U.S. Cybersecurity Capabilities.”
Thaler said credit unions are impacted because they have to absorb fraud-related losses in re-establishing member safety and security after a data breach. Many of these breaches stem from a negligent entity’s failure to protect sensitive financial and personal information in their systems, Thaler said.
Thaler also cited a Gallup poll conducted Oct. 5-9, 2016, that 69 percent of Americans are frequently or occasionally concerned about having their credit card information stolen by hackers.
He urged Comstock and Lipinski to create national data security standards similar to the Data Security Act of 2015 (H.R. 2205), which passed the 114th Congress’ House Financial Services Committee 46-9.