ARLINGTON, Va. In a letter to Congress, NAFCU is urging it to take data breaches as seriously as it has been taking cyber-security-related issues.
“Every time consumers choose to use plastic cards for payments at a register or make online payments from their accounts, they unwittingly put themselves at risk,” NAFCU said.
The trade group noted that the Gramm-Leach-Bliley legislation on data security applies to financial institutions, but merchants and others that handle sensitive data are not subject to the same rules and requirements. “Any entity that stores financial or personally identifying information should be held to minimum standards for protecting such data,” NAFCU wrote.
NAFCU is urging the House Energy & Commerce Committee to introduce new language that would reduce credit union expenditures for breaches resulting from card use; that national standards for safekeeping information be created for all stages of a transmission; that merchants be required to post their data security policies at the point of sale if they take sensitive financial data; that consumers have the right to know which business entities have been breached, along with other new rules.
