NAFCU letter to NCUA Board on data security
WASHINGTON, DC (January 13, 2014) —
The Honorable Debbie Matz, Chairman
The Honorable Michael Fryzel, Board Member
The Honorable Rick Metsger, Board Member
National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314
Dear Chairman Matz, Board Member Fryzel and Board Member Metsger:
On behalf of the National Association of Federal Credit Unions (NAFCU), the only trade association that exclusively represents the interests of our nation’s federal credit unions, I write today to request that the National Credit Union Administration (NCUA) engage with The Federal Trade Commission (FTC) and other regulators on data security efforts. The necessity of changes to data security is more evident than ever in light of Target Corporation’s data security breach. Target Corporation just announced last Friday that in addition to the estimated 40 million credit and debit card customers whose card data was stolen and were exposed to potential fraud as a result of their data breach, there were also 70 million customers whose personal information was compromised. It will be many months before the true breadth of this breach is realized by financial institutions and their customers.
Furthermore, last Friday Neiman Marcus Inc. joined the growing list of retailers reporting that the credit card information of its customers was stolen in a data security attack occurring over the holiday shopping season. While the extent of this incident and how many consumers have been impacted remains to be seen, it represents yet another data security breach and an additional source of worry for millions of Americans. Even more troublesome are news reports that additional retailers have been breached this holiday season, but have failed to report that information to the public in a timely manner so far.
Data security breaches are a serious problem for both consumers and businesses. Financial institutions, including credit unions, bear a heavy burden and incur steep losses reestablishing member safety after a data breach occurs. The number and scope of data breaches are significant, and the damage realized may surprise those who have not been intimately involved.
NAFCU was the first financial services trade association to weigh in on data security on Capitol Hill in the wake of the Target breach. As lawmakers continue to monitor the situation and make legislative fixes as necessary, it is imperative that regulators work together to ensure the safety of our data security systems. The FTC is currently exploring a range of regulatory options to assist consumers, business, and financial institutions. NAFCU believes that the NCUA should ensure that credit unions are protected from any unnecessary regulatory burden and allow them to continue to provide quality services to their members. As you know, credit unions are already subject to stringent data security requirements. As such, any additional regulatory action should be directed towards merchants to ensure they take greater responsibility to protect against data breaches.
Should you have any questions, please feel free to contact me by telephone at (703) 842-2215 or Michael Coleman, Director of Regulatory Affairs, at email@example.com or at (703) 842-2244.
B. Dan Berger
President and CEO