Press

August 4, 2015

The Honorable Mitch McConnell Majority Leader
U.S. Senate
Washington, D.C. 20510

The Honorable Harry Reid Minority Leader
U.S. Senate
Washington, D.C. 20510

Dear Majority Leader McConnell and Minority Leader Reid:

The undersigned financial services trade associations are writing in support of passage of S. 754, the Cybersecurity Information Sharing Act (CISA). In March, this bill was approved on a near- unanimous and bipartisan basis by the Select Committee on Intelligence. We urge you and your colleagues to bring up and pass this important legislation as it will increase the nation’s ability to defend against cyber-attacks by encouraging businesses and the government to share cyber-threat information more quickly and efficiently between the two sectors.

In addition to CISA, which would be a strong step towards improving our defenses against cyber threats, we encourage even further steps to be taken to protect consumers’ sensitive information from the scourge of data breaches. To that end, we urge the Senate to take up legislation to establish a strong, but scalable, national data security standard to safeguard sensitive and personal consumer data from cyber criminals, such as the one proposed by Senators Tom Carper (D-DE) and Roy Blunt (R-MO) in the Data Security Act of 2015 (S. 961).

Despite the alarming rise in the number and sophistication of cyber threats, a federal standard to protect consumer data across the payment system currently does not exist. With the recent data security breaches at major retailers and others that have put millions of consumers at risk, the need to pass legislation to establish such a standard could not be more evident.

By outlining a security process that is adaptable to future changes in technology, the Data Security Act would enable businesses of all sizes and complexity to better protect consumers from harm. A vague “reasonableness” standard as proposed by some falls short in providing businesses needed guidance and fails to provide much-needed protections to consumers. Importantly, S. 961 also recognizes that it is not productive to duplicate data protection and consumer notice requirements that are already in place for financial institutions under the Gramm-Leach-Bliley Act and subsequent regulations.

Our existing payments system serves hundreds of millions of consumers, retailers, financial institutions and the economy well. Protecting this system is a shared responsibility of all parties involved and we must work together and invest the necessary resources to combat increasingly sophisticated threats to the payments system.

The undersigned groups stand in strong support of S. 754 as well as data security and breach notification legislation that espouses the principles of S. 961. In tandem, these legislative measures will better protect consumers and businesses from cyber threats.

Sincerely,

Consumer Bankers Association
Credit Union National Association
Independent Community Bankers of America
National Association of Federal Credit Unions