Financial trades ban together on data breach

WASHINGTON, DC (August 1, 2018) — Major merchant data breaches continue to put millions of consumers at risk. Credit Union National Association (CUNA) is joining with a coalition of financial trade associations to push for legislation that requires stronger data security standards for retailers.

In a joint letter with the American Bankers Association (ABA), Consumer Bankers Association (CBA) and Independent Community Bankers of America (ICBA), CUNA urges Rep. Bob Latta (R-Ohio), chair of the House Energy and Commerce Subcommittee on Digital Commerce, to reconsider the current landscape of the existing payments system.

“Data breaches impose significant costs on financial institutions of all sizes because our first priority is to protect consumers and ensure that they have no liability for fraud that typically follows a breach.  Our members provide relief to victims of breaches, regardless of where the breach occurs,” the letter reads. “In our view, it is critical for your Committee and the Financial Services Committee to collaboratively move forward on legislation that puts in place strong national data security and breach notification requirements and eliminates the current inconsistent patchwork of state law.”

The letter highlights several elements for legislative consideration, including:

  • A flexible, scalable standard equivalent to what is in the Gramm-Leach-Bliley Act (GLBA) for data protection;
  • A GLBA equivalent notification regime requiring timely notice to impacted consumers, law enforcement, and applicable regulators when there is a reasonable risk that a breach of unencrypted personal information exposes consumers to identity theft or other financial harm;
  • Consistent, exclusive enforcement of the new data security and notification national standard by the Federal Trade Commission (FTC) and state Attorneys General; and
  • Clear preemption of the existing patchwork of often conflicting and contradictory state laws for all entities that follow this national data security and notification standard.

With the recent onslaught of breaches, the trade groups further stressed the importance of enacting legislation that sets a national standard for how all entities should handle consumers’ sensitive financial data. The letter details the need for a “robust – yet flexible and scalable – process to protect data, which must be coupled with effective oversight and enforcement procedures to ensure accountability and compliance.”

About CUNA

Credit Union National Association (CUNA) is the only national association that advocates on behalf of all of America’s credit unions, which are owned by 135 million consumer members. CUNA, along with its network of affiliated state credit union leagues, delivers unwavering advocacy, continuous professional growth and operational confidence to protect the best interests of all credit unions. For more information about CUNA, visit To find your nearest credit union, visit


CUNA Communications


More News