Cyber Security Bill Seen Ripe For Data Security Additions

WASHINGTON – NAFCU is calling on congressional leaders to take up long-sought data security measures as part of a broader cyber security debate on Capitol Hill.

Among the provisions NAFCU wants added to a pending cyber security bill – which focuses on security of government and military systems – are requiring entities whose systems are breached to pay the costs borne by their customers, creating national standards for safeguarding data, and requiring notification of customers and the public when a data breach has occurred.

The new interest in data breach legislation comes after news of a major breach at card processor Global Payments, which may have exposed millions of credit card accounts to hackers.

Specifically, NAFCU asked Congress to consider adding the following measures to a cyber security bill:

* Payment of Breach Costs by Breached Entities – a requirement that entities be held accountable for the costs of data breaches that occur on their end, especially when their own negligence is to blame.

* National Standards for Safekeeping Information – any entity responsible for the storage of consumer data must meet standards similar to those imposed on financial institutions under the Gramm-Leach-Bliley Act.

* Data Security Policy Disclosure – require merchants to post their data security policies at the point of sale if they take sensitive financial data. Such a disclosure requirement would come at little or no cost to the merchant, NAFCU said, but would provide an important benefit to the public at large.

* Notification of the Account Servicer – account servicers or owners would be required to include entities such as financial institutions in the list of those to be informed of any compromised personally identifiable information when associated accounts are involved.

* Enforcement of Prohibition on Data Retention.

 

