Data Privacy Requires Security, CUNA Writes to House and Senate Sub-committees

CUNA continued its push for Congressional action on data privacy and security Tuesday with letters sent to House and Senate subcommittees for the record of two hearings.

The House Oversight and Reform subcommittee on economic and consumer policy conducted its hearing on improving data security at consumer reporting agencies, while the hearing conducted by the Senate Commerce subcommittee on manufacturing, trade and consumer protection covered small business perspectives on data privacy.

The letters note that strong information security and privacy standards are part of the financial services industry’s business practices. Credit unions and other financial institutions are subject to the Gramm-Leach-Bliley Act and examined by regulators for compliance.

The letters note that similar security and privacy regulations must be put into place for all entities that handle personally identifiable information, otherwise any law enacted by Congress will not have the intended effect.

CUNA also urged legislators to look at data privacy and security as a national security issue.

In its letter, CUNA reiterated its principles for federal data privacy and security legislation:

  • Any new privacy law should include both data privacy and data security standards;
  • The new law should cover all business, institutions and organizations;
  • Any new law should preempt state requirements to simplify compliance and create equal expectation and protection for all consumers;
  • Breach notification or disclosure requirements are important, but they are akin to sounding the alarm after the fire has burned down the building; and
  • The law should provide mechanisms to address the harms that result from privacy violations and security violations, including data breaches.