National Association of Federal Credit Unions (NAFCU) President and CEO Dan Berger issued the following statement today regarding President Barack Obama’s policy directive on cyber incident coordination.
“NAFCU and our members welcome President Obama’s continued focus on addressing cybersecurity threats,” said Berger. “However, data security is also of critical importance, and much more needs to be done on this front. Retail data breaches continue to be popular among cybercriminals seeking to capture consumers’ sensitive personal and financial information.”
To that end, NAFCU supports passage of the “Data Security Act of 2015” (H.R. 2205/S. 961), bipartisan legislation introduced by Reps. Randy Neugebauer (R-Texas) and John Carney (D-Del.) that would hold retailers responsible for implementing security measures to protect consumer data. S. 961 was introduced by Sens. Tom Carper (D-Del.) and Roy Blunt (R-Mo.).
Credit unions and other financial institutions already protect consumers’ personal data under the provisions of the 1999 Gramm-Leach-Bliley Act (GLBA). There is no comprehensive regulatory structure similar to GLBA for other entities, such as retailers, that handle sensitive personal and financial data.