CUNA MUTUAL GROUP: In Wake of Breach, NAFCU Again Presses Congress On Data Security Standard

CUNA Mutual Group issued the following announcement on Dec. 4.

WASHINGTON–In the wake of the data breach involving Marriott hotels, NAFCU has sent a letter to members of the House Financial Services Committee and the

Breach

Senate Banking Committee that reiterates its call for a national data security standard for entities that collect and store consumers’ personal and financial information.

The Marriott breach involves as many as 500 million people and includes personally identifiable and financial information, although, as CUToday.info reports elsewhere, it may not be financial account and Social Security numbers that the thieves find most valuable.

All such entities should be subject to the same stringent requirements as depository institutions, said NAFCU.

“While it may not help the millions of Americans that have been victimized by this breach, the time for Congress to act is now to prevent future breaches and harm to consumers,” the letter reads. “We would urge the Committee’s continued focus on this important topic and the need for addressing consumer data security issues in the remaining days of this Congress and in the new Congress.”

Guiding Principles

In its letter, NAFCU again pointed to a set of guiding principles it would like to see used in addressing any comprehensive cyber and data security effort. Those principles include:

Payment of Breach Costs by Breached Entities

National Standards for Safekeeping Information

Data Security Policy Disclosure

Notification of the Account Servicer

Disclosure of Breached Entity

Enforcement of Prohibition on Data Retention

Burden of Proof in Data Breach Cases

Original source can be found here.