Press

NAFCU, joint trades letter to Congress responding to retailers claims about data breaches

(February 13, 2015) — Below is NAFCU’s and six other trade associations’ joint letter to Congress responding to a letter it received from the National Retail Federation and the National Association of Convenience Stores on claims about data breaches and fraud.

In the letter, the groups urge members of the House and Senate to consider “while fraud is a major problem affecting nearly all sectors of our economy, arguing about which business sector carries more of the burden is a distraction.” The groups go on to say what matters most is preventing fraud from harming consumers, their constituents, not shifting blame.

The groups also urge them to consider three common-sense principles to help protect their constituents from feeling the impact of identity theft and financial account fraud resulting from data breaches. They include establishing a national data security and breach standard for retailers, building on existing standards and shared responsibility of the costs by the retailers for data breaches.

February 12, 2015
Dear Members of the U.S. Senate and House of Representatives:

Recently, you received a letter from the National Retail Federation and the National Association of Convenience Stores making some remarkable claims about data breaches and fraud.

As you consider their letter, the undersigned trade associations encourage you to think about the following: while fraud is a major problem affecting nearly all sectors of our economy, arguing about which business sector carries more of the burden is a distraction. What matters most is preventing fraud from harming consumers – your constituents, not shifting blame.

Congress is poised to advance data breach legislation and the undersigned trade groups representing the financial services sector want to contribute in a meaningful way. To that end, you can help protect your constituents from feeling the impact of identity theft and financial account fraud resulting from data breaches by considering the following three common-sense principles:

  • –  A National Data Security and Breach Standard: Strong national data protection and consumer notification standards with effective enforcement provisions must be part of any comprehensive data security regime.
  • –  Building on Existing Standards: Congress has already placed robust standards on certain sectors, like healthcare (HIPAA) and banking (GLBA). These existing standards must be recognized, and can also serve as a model that can be adapted to other sectors where no such standards exist.
  • –  Shared Responsibility: All parties must share the responsibility, and the costs, for protecting consumers. The costs of a data breach should ultimately be borne by the entity that incurs the breach.We encourage you to ignore the excuses, attempts to pass blame, and efforts to make this a fight between business sectors. This debate should be about protecting sensitive financial information, ensuring consumers feel confident that their data is secure, whether it’s where they shop or where they bank.

    Sincerely,

    American Bankers Association
    Consumer Bankers Association
    Credit Union National Association
    Financial Services Roundtable
    Independent Community Bankers of America National Association of Federal Credit Unions The Clearing House

More News