Major merchant data breaches continue to put millions of consumers at risk. Credit Union National Association (CUNA) is joining with a coalition of financial trade associations to push for legislation that requires stronger data security standards for retailers.

In a joint letter with the American Bankers Association (ABA), Consumer Bankers Association (CBA) and Independent Community Bankers of America (ICBA), CUNA urges Rep. Bob Latta (R-Ohio), chair of the House Energy and Commerce Subcommittee on Digital Commerce, to reconsider the current landscape of the existing payments system.

“Data breaches impose significant costs on financial institutions of all sizes because our first priority is to protect consumers and ensure that they have no liability for fraud that typically follows a breach.  Our members provide relief to victims of breaches, regardless of where the breach occurs,” the letter reads. “In our view, it is critical for your Committee and the Financial Services Committee to collaboratively move forward on legislation that puts in place strong national data security and breach notification requirements and eliminates the current inconsistent patchwork of state law.”

The letter highlights several elements for legislative consideration, including:

  • A flexible, scalable standard equivalent to what is in the Gramm-Leach-Bliley Act (GLBA) for data protection;
  • A GLBA equivalent notification regime requiring timely notice to impacted consumers, law enforcement, and applicable regulators when there is a reasonable risk that a breach of unencrypted personal information exposes consumers to identity theft or other financial harm;
  • Consistent, exclusive enforcement of the new data security and notification national standard by the Federal Trade Commission (FTC) and state Attorneys General; and
  • Clear preemption of the existing patchwork of often conflicting and contradictory state laws for all entities that follow this national data security and notification standard.

With the recent onslaught of breaches, the trade groups further stressed the importance of enacting legislation that sets a national standard for how all entities should handle consumers’ sensitive financial data. The letter details the need for a “robust – yet flexible and scalable – process to protect data, which must be coupled with effective oversight and enforcement procedures to ensure accountability and compliance.”