CUNA applauds introduction of breach notification bill in House

WASHINGTON, D.C. (May 1, 2015) — Representatives Randy Neugebauer (R-TX) and John Carney (D-DE) today introduced bipartisan data security legislation strongly supported by CUNA to protect consumers from identity theft and fraud by establishing a national data security and breach notification standard for financial institutions and retailers.

“I thank Representatives Neugebauer and Carney for their leadership on data breaches and their commitment to protect the financial data of all Americans,” said Jim Nussle, President and CEO of CUNA. “Those who accept cards as payment must be held to the same standard as those who issue cards for payment.”

Under the bill, each covered entity must:
Develop and maintain an effective information security program tailored to the complexity and scope of its operations, and the sensitivity of its data;
Oversee service providers with access to customer information, including requiring service providers by contract to take appropriate steps to protect the security and confidentiality of this information;
Train staff to prepare and implement its information security program;
Test key controls, systems and procedures of its information security program; and
Adjust its information security program to reflect the results of its ongoing risk assessment.

CUNA has repeatedly called for strong national data protection and consumer notification standards for merchants that align with those already in place for financial institutions under Gramm-Leach-Bliley; inconsistent state laws and regulations be preempted in favor of strong Federal data protection and notification standards; and in the event of a breach, the public should be informed where it occurred as soon as reasonably possible to allow consumers to protect themselves from fraud.

Studies have found that in 2014, over 1,500 data security breaches occurred which exposed over 1 billion data records. CUNA has been actively engaged on the issue of merchant data breaches for over a year and a half including numerous meetings and correspondence with lawmakers and staff, urging the White House to establish a Cybersecurity Council, conducting quantitative analysis of the costs of data breaches on credit unions at Target and Home Depot which found that the two merchant breaches cost credit unions and their members at least $90 million, and launching a website ( that allows consumers to take action and urge Congress to step in and hold merchants accountable for data violations.

About CUNA:
With its network of affiliated state credit union leagues, Credit Union National Association (CUNA) serves America’s credit unions, which are owned by more than 100 million consumer members. Credit unions are not-for-profit cooperatives providing affordable financial services to people from all walks of life. For more information about CUNA, visit or follow @CUNA on Twitter. For more information about credit unions, and follow @asmarterchoice on Twitter. Visit the CUNA Press Room for a full listing of media mentions, press releases and resources to stay informed on current events within the credit union industry.

More News