Press
CUNA, financial trades urge data breach legislation regardless of where consumers shop or bank
WASHINGTON, D.C. (February 12, 2015) — The Credit Union National Association (CUNA), along with other financial trade associations, urged Congress to advance data breach legislation that protects Americans from identity theft and financial account fraud regardless of where they shop or bank.
“Congress should pass strong legislation that establishes a national standard for data security and protection, consumer notification standards and ensures the party responsible for the data breach bears the cost,” said Jim Nussle, President and CEO of the Credit Union National Association. “This debate isn’t about merchants and financial institutions fighting; it’s about ensuring American consumers are confident that their data is secure at all times.”
See the full letter below:
February 12, 2015
Dear Members of the U.S. Senate and House of Representatives:
Recently, you received a letter from the National Retail Federation and the National Association of Convenience Stores making some remarkable claims about data breaches and fraud.
As you consider their letter, the undersigned trade associations encourage you to think about the following: while fraud is a major problem affecting nearly all sectors of our economy, arguing about which business sector carries more of the burden is a distraction. What matters most is preventing fraud from harming consumers – your constituents, not shifting blame.
Congress is poised to advance data breach legislation and the undersigned trade groups representing the financial services sector want to contribute in a meaningful way. To that end, you can help protect your constituents from feeling the impact of identity theft and financial account fraud resulting from data breaches by considering the following three common-sense principles:
– A National Data Security and Breach Standard: Strong national data protection and consumer notification standards with effective enforcement provisions must be part of any comprehensive data security regime.
– Building on Existing Standards: Congress has already placed robust standards on certain sectors, like healthcare (HIPAA) and banking (GLBA). These existing standards must be recognized, and can also serve as a model that can be adapted to other sectors where no such standards exist.
– Shared Responsibility: All parties must share the responsibility, and the costs, for protecting consumers. The costs of a data breach should ultimately be borne by the entity that incurs the breach.
We encourage you to ignore the excuses, attempts to pass blame, and efforts to make this a fight between business sectors. This debate should be about protecting sensitive financial information, ensuring consumers feel confident that their data is secure, whether it’s where they shop or where they bank.