The National Association of Federal Credit Unions (NAFCU) last week urged leaders of the House Committee on Homeland Security to support enhanced data security. Timely notification of financial data breaches is a key part of NAFCU’s initiative to improve data security. Recently, the president released an executive order on cyber-security that included a process for sharing cyber threats to targeted private entities within 120 days. NAFCU would like to see more done to relieve some of the significant burden that existing data breach regulations place on credit unions. In a plan called the “21st Century Data Security Standards,” NAFCU urged changes that include:

  • Payment of breach costs by the breached entities rather than the credit union
  • National standards for safekeeping of financial information
  • Require merchants to disclose their data security policy
  • Require the timely disclosure of a breached entity
  • Enforcement of prohibition of financial data
  • Require the timely notification of the account servicer if an account has been compromised by a data breach
  • Require breached entities to prove a “lack of fault” if they have suffered a data breach

Congress has begun to respond to this plan. On March 12, 2013, the House of Representatives passed H.R. 749, and the bill has moved on to the Senate. This bill would add an exception to the Gramm-Leach-Bliley Act, essentially allowing financial institutions to send updated privacy notices only when such notices have changed. This would help reduce some of the compliance burden borne by all financial institutions (and help reduce waste from thrown-out notices).

If you have any other questions regarding current developments in data security for financial institutions, contact our dedicated professionals in our IT Assurance and Security Group in Troy, MI, Houston, TX and Ft. Lauderdale, FL.

Source: NAFCU