by: Jim Nussle, president and CEO, Credit Union National Association

With data breaches continuing to happen left and right, we need a bill that would establish a national data security standard. Thankfully, that’s exactly what Reps. Randy Neugebauer (R-Texas) and John Carney’s (D-Del.) legislation, the House Data Security Act of 2015, would do. H.R. 2205 would require all entities that deal with consumers’ personal information to develop and maintain an effective information security program tailored to the complexity and scope of its operations and the sensitivity of its data.

It is simple: Those who accept card payments need to be held to the same standard as those who issue cards for payment. This is not an attempt to crush small business, as Mr. French portends (“Bank-style rules for small business are wrong approach to data security,” June 1). Neugebauer and Carney’s bill will actually protect consumers.

Merchants have little incentive to adopt stronger security measures on their own because the cost of their data breaches are passed on to credit unions and banks. Holding these retailers accountable is not only good logic, it is sound policy.

continue reading »