Newsroom

October 24, 2019

NAFCU's Thaler: National data security, privacy standards needed

NAFCU's Thaler sent a letter to the SBC urging for the creation of a national data security standardAhead of today's Senate Banking Committee hearing on data privacy rights and data valuation, NAFCU Vice President of Legislative Affairs Brad Thaler urged lawmakers to consider a national data security standard for institutions that collect and store consumer information. In addition, Thaler recommended a national standard for data privacy to ensure consistency throughout the country.

"While depository institutions have had a national standard on data security since the passage of the Gramm-Leach-Bliley Act (GLBA) over two decades ago, other entities who handle consumer financial data do not have such a national standard," wrote Thaler. "Along those same lines, we also believe that there is a need for a uniform national consumer data privacy standard as opposed to a patchwork of standards stemming from different state data privacy laws."

In the letter, Thaler also recommended that the Senate Banking Committee work collaboratively with other committees and task forces in the Senate so they can more easily find a proper package that will receive bipartisan support. Thaler also wrote a letter to the House Financial Services Task Force on Artificial Intelligence pushing for a national data security standard earlier this month.

October is recognized as National Cybersecurity Awareness Month, though data security and privacy are among the top concerns for the credit union industry year-round. NAFCU has flagged the increase in credit unions' costs as they work to make members whole after data breaches, as well as their efforts to bolster cybersecurity at their institutions. The association also keeps credit unions updated as states, such as California, implement data privacy laws.

As a leader in calling for national data security standards, NAFCU has myriad resources available to ensure credit unions can effectively identify and address cybersecurity concerns.