Data security standards must be strong, consistent, apply to all

The best approach on data security and privacy for consumers and business is for Congress to develop a strong privacy law that applies to all businesses and entities that collect, house or otherwise possess information, CUNA wrote to leadership of the Senate Banking and House Energy and Commerce Committees Tuesday. CUNA’s letters state that Congress must address data security in order to provide consumers with data privacy.

“There is an urgent need for Congress to act to set a federal data privacy standard. The American consumer is under attack and current federal law leaves the door open for criminals, terrorist organizations and foreign governments to steal payment and other personally identifiable information to the benefit of their illicit activity,” the letters read. “Taking a narrow view that this debate is about Facebook, Amazon and Google would be a grave mistake. There is no way for Congress to provide consumers with the data privacy they need without enacting robust data security standards that are preemptive of state law and apply to everyone.”

  • Treat data privacy as a national security issue, since there have been more than 10,000 data breached in the U.S. since 2005, compromising nearly 12 billion consumer records. Many of these breaches are being perpetrated by foreign governments, domestic organized crime syndicates and rogue international actors using the data to fund illicit activities;
  • Fix the weak links in the system, meaning requiring all entities that hold and use consumer data be subject to strong federal data security requirements; and
  • Set a strong federal standard that preempts state laws, removing the current patchwork of various state laws, regulations and requirements that provide uneven protection and require numerous compliance resources.