NAFCU urges Congress to create data security working group
WASHINGTON, DC (September 30, 2014) — National Association of Federal Credit Unions (NAFCU) President and CEO Dan Berger wrote congressional leaders today urging them to create a bipartisan-bicameral working group to develop legislative responses to retailer data security breaches. Berger’s letter comes amid the supermarket chain Supervalu announcement of a second data breach, which may have affected card transactions at stores in 21 states.
“Data breaches in both the private and public sectors have the ability to cause irreparable harm to consumers everywhere,” Berger wrote. “At a bare minimum, these breaches cause inconvenience as those impacted must reactivate new debit and credit cards or scramble to change passwords and other account related information. However, for many other consumers the impact is much greater and can involve fraudulent account activity, working to repair credit score damage, and even identity theft.”
In his letter, Berger said the working group must be charged with developing a list of legislative recommendations to address the epidemic of breaches. NAFCU was the first financial trade association to push for legislators to pass national data security standards for retailers in the wake of the massive Target breach last year and enhanced data security standards is a key element of NAFCU’s Five Point Plan. Berger also noted that the recent Home Depot data breach makes this an optimal time to create such a working group.
Last week, Berger also wrote President Obama to urge his support for national data security and breach notification standards for retailers.
Financial institutions including not-for-profit, member-owned credit unions, are already subject to such standards under the Gramm-Leach-Bliley Act and continue to pick up the tab for data breaches. However, retailers are not subject to the same standards. The Target data breach alone will cause financial institutions to lose $480 million in card replacement costs and other expenses, according to estimates by NAFCU. Unfortunately, credit unions will likely never recoup much of this cost since there is no statutory requirement making retailers accountable for costs associated with breaches that result on their end.
“Credit unions are on the front lines assisting their members in the wake of ongoing data breaches and have a unique understanding of how detrimental such data breaches can be to consumers and small financial service providers.”
The National Association of Federal Credit Unions is the only national trade association that exclusively represents the interests of federally chartered credit unions before the federal government and the public.