NAFCU remains active on data security in conjunction with Senate Banking hearing

WASHINGTON, DC (May 25, 2018) — National Association of Federally-Insured Credit Unions (NAFCU) Vice President of Legislative Affairs Brad Thaler sent the following letter to the Senate Banking Committee in conjunction with today’s committee hearing “Cybersecurity: Risks to the Financial Services Industry and Its Preparedness.”

“Credit Unions are pleased to work with the National Credit Union Administration (NCUA) and the Federal Financial Institutions Examination Council (FFIEC) as regulatory partners in protecting credit unions and the financial system from cyber-attacks,” said Thaler. “While credit unions and other financial institutions have been subject to standards on data security since the passage of the Gramm-Leach-Bliley Act (GLBA), including having federal regulators oversee and work with them on these standards, others such as retailers and merchants are not held to the same high standards of data security.”

In addition to today’s letter, Thaler also included NAFCU’s top data security principles, which include:

  • requiring entities to be accountable for related costs of data breaches that occur on their end, especially if the breach is caused by that entity’s negligence;
  • requiring all entities that store consumer data to meet standards similar to those imposed on depository institutions under the Gramm-Leach-Bliley Act (GLBA);
  • requiring merchants to post their data security policies at the point of sale if they take sensitive financial data;
  • informing financial institutions of any compromised personally identifiable information when associated accounts are involved;
  • disclosing names of the companies and merchants whose data systems have been violated so consumers are aware of those that place their personal information at risk;
  • enforcing violations of existing agreements and law by those who retain payment card information electronically; and
  • having the evidentiary burden of proving a lack of fault rest with the negligent entity that incurred the data breach.

NAFCU has been a leader on data security issues in recent years. The association was the first financial trade group to call for a national data security standard for retailers in the wake of the 2013 Target breach. Last November, NAFCU witness Debra Schwartz, NAFCU Board treasurer and president and CEO of Mission Federal Credit Union (San Diego, Calif.), testified before a House Financial Services subcommittee, recommending ways to curb data breaches.

For full text of the letter, click here.


The National Association of Federally-Insured Credit Unions is the only national trade association focusing exclusively on federal issues affecting the nation’s federally-insured credit unions. NAFCU membership is direct and provides credit unions with the best in federal advocacy, education and compliance assistance. For more information on NAFCU, go to or @NAFCU on Twitter.


Molly Safreed, (NAFCU)

More News