The Honorable Barbara Comstock
Chairwoman
Subcommittee on Research and Technology
Committee on Science, Space, and Technology
U.S. House of Representatives
Washington, D.C. 20515
The Honorable Daniel Lipinski
Ranking Member
Subcommittee on Research and Technology
Committee on Science, Space, and Technology
U.S. House of Representatives
Washington, D.C. 20515
Re: Tomorrow’s Hearing on U.S. Cybersecurity Capabilities
Dear Chairwoman Comstock and Ranking Member Lipinski:
On behalf of the National Association of Federally-Insured Credit Unions (NAFCU), the only trade association exclusively representing the federal interests of our nation’s federally-insured credit unions, I write today in conjunction with tomorrow’s hearing, “Strengthening U.S. Cybersecurity Capabilities.” We appreciate your focus on cybersecurity and recommend that one way to improve cybersecurity and protect consumers’ sensitive data in a substantive way would be to establish national standards for data security of personal financial information.
Data breaches have become a constant concern of the American people. Major data breaches now occur with an unacceptable level of regularity. From breaches at Target and Home Depot that impacted over 110 million consumer records and 56 million payment cards respectively, to recent breaches at the Hyatt and Hilton Hotel chains, the concerns of American consumers are well founded. A Gallup poll from October 5-9, 2016, found for the third consecutive year, that 69 percent of U.S. adults are frequently or occasionally concerned about having their credit card information stolen by hackers. These staggering survey results speak for themselves and should demonstrate the need for greater national attention to this important issue. The breach, announced just last week, of Arby’s fast food restaurants is yet another demonstration of the urgent need for Congressional action.
Americans’ sensitive financial and personally identifiable information will only be as safe as the weakest link in the security chain. While financial institutions, including credit unions, have been subject to federal standards on data security since the passage of the Gramm-Leach-Bliley Act (GLBA), retailers and many other entities that handle sensitive personal financial data are not subject to these same standards. Consequently, they have become the vulnerable targets of choice for cybercriminals.
Credit unions often suffer steep losses in re-establishing member safety and security after a data breach occurs. They are often forced to absorb fraud-related losses, many of which stem from a negligent entity’s failure to protect sensitive financial and personal information in their systems. As not-for-profit cooperatives, credit union members are the ones that are ultimately impacted by these costs.
It is with this in mind that NAFCU urges you to support and consider legislation to create national data security standards. In the 114th Congress, the House Financial Services Committee favorably reported the Data Security Act of 2015 (H.R. 2205) with a strong bipartisan vote of 46-9. This legislation would create flexible requirements that, while protecting consumers’ data in the current environment, would allow for and encourage innovation to protect consumers from future threats we have not yet anticipated. Additionally, the national standards created in this bill would be scalable to allow for compliance by entities of all sizes. Just as the GLBA institutes requirements that are appropriate for both the smallest credit unions and the biggest banks, this legislation would allow for appropriate standards for the smallest corner store to the largest retailers. As you tackle the issue of cybersecurity in the 115th Congress, we urge you to consider including solutions such as the approach from the Data Security Act of 2015 in any legislative effort.
Thank you for your attention and for your leadership on this issue of great importance to credit unions. Should you have any questions or require any additional information please contact me or Chad Adams, NAFCU’s Senior Associate Director of Legislative Affairs, at 703-842-2265 or cadams@nafcu.org.
Sincerely,
Brad Thaler
Vice President of Legislative Affairs