Credit unions renew push for data security law

Credit unions are repeating their calls to Congress to establish federal data security standards.

In a letter on Wednesday to congressional leadership, the National Association of Federal Credit Unions pointed to recent high-profile data breaches, including one at Target that impacted the financial and personal information of tens of millions of consumers.

"How many more consumers will have to be affected before Congress will act?" the group wrote.

ADVERTISEMENT
The recent data breaches, including those suffered by Target, Neiman Marcus and hotel company White Lodging, have raised the issue of federal data security standards in Congress.

Among a series of hearings and calls for action earlier this year, lawmakers — including Senate Commerce Committee Chairman Jay RockefellerJay RockefellerOvernight Tech: Trump nominates Dem to FCC | Facebook pulls suspected baseball gunman's pages | Uber board member resigns after sexist comment Trump nominates former FCC Dem for another term Obama to preserve torture report in presidential papers MORE (D-W.Va.), Senate Judiciary Committee Chairman Patrick LeahyPatrick Joseph LeahyMaxine Waters to Sessions: 'Time to go back to the plantation' Franken has 'a lot of questions' for Sessions on Russia contacts Senate Dems demand Sessions testify after Papadopoulos plea deal MORE (D-Vt.), and Sens. Tom CarperThomas (Tom) Richard CarperSenate confirms top air regulator at EPA Senate panel delays vote on Trump’s Homeland Security pick Overnight Energy: Senators grill Trump environmental pick | EPA air nominee heads to Senate floor | Feds subpoena ex-Trump adviser over biofuels push MORE (D-Del.) and Roy BluntRoy Dean BluntWe must fund community health centers now Overnight Tech: Senators demand tech firms do more on Russian meddling | House Intel releases Russian-promoted ads | Apple CEO says 'fake news' bigger threat than ads | Ex-Yahoo CEO, Equifax execs to testify on breaches Facebook: Clinton, Trump campaigns spent a combined M on ads MORE (R-Mo.) — have introduced legislation aimed at heightening data security standards.

In its letter this week, the credit union group urged Congress to create federal standards to protect consumers and financial institutions.

While financial institutions are subject to federal data security standards, "retailers and many other entities that handle sensitive personal financial data are not subject to these same standards, and they become victims of data breaches and data theft all too often," the letter said.

The group outlined the costs of data breaches on credit unions, such as monitoring accounts for fraud and issuing new credit cards.

Credit unions "suffer steep losses in re-establishing member safety after a data breach occurs," the letter said.

The credit union group pushed back on the idea that financial institutions should "expedite the switch" away from traditional credit cards with magnetic strips to those that use "chip and PIN" technology.

While some — including some members of Congress — want to push financial institutions to adopt the technology more quickly, the chip and PIN technology "is no panacea for data security and preventing merchant data breaches," the group said.

That technology "does not protect against online fraud" and only heightens security of customer data if retailers also adopt the technology, the letter said.

Instead, Congress should establish standards to protect consumers from data breaches, the group wrote.

The relevant companies should have to alert financial institutions when they suffer data breaches and shoulder some of the data-related costs that credit unions face, "especially when [the companies'] own negligence is to blame," the letter said.

Additionally, Congress should require that companies limit their data retention, be more transparent about their data protection policies and tell customers when their systems have suffered from a data breach, the letter said.

"The colossal scale of recent data breaches continues to demonstrate the necessity for Congressional action."