NWCUA Shares Data Privacy, Collection, Use, and Protection Feedback with Sen. Crapo

Your Association tells the Senate Committee on Banking, Housing, and Urban Affairs that new or amended privacy laws should cover both privacy and security of data.

3/5/2019

On the heels of the passage of the historic Economic Growth, Regulatory Relief and Consumer Protection Act last year, Idaho Senator Mike Crapo is rapidly pursing “must pass” legislation of interest to credit unions and consumers.

In his role as Chairman of the Senate Committee on Banking, Housing and Urban Affairs, Sen. Crapo and Ranking Member Sherrod Brown (D-Ohio) have asked for feedback on the collection, use, and protection of sensitive information by financial regulators and private companies.

The Northwest Credit Union Association, in collaboration with member credit unions and the Credit Union National Association, is engaged in the process. NWUCA sent a letter to Senators Crapo and Brown to ensure credit union operations and services to members are considered in any new or amended laws. 

“Northwest credit unions take seriously the responsibility of protecting their members’ data and comply with Gramm-Leach Bliley standards by testing their cyber preparedness to maintain the highest levels of security,” said Samantha Beeler, NWCUA Vice President, Advocacy. “We will advocate for legislation that enforces accountability for all entities that collect, use, or share personal data.”

Other points NWCUA offered to the Committee include:

  • Any new or amended privacy law should cover both privacy of data and security of that data. Privacy is violated if data is compromised due to breach or theft.
  • Data security requirements should be based on protection of data to prevent misuse or breach. Notification or disclosure after the fact is important, however, by the time a breach has occurred, harm may have already been done to hundreds of thousands, if not millions of consumers. Robust protection is paramount to any new or amended legislation.
  • The law must provide remedies to address the harm that results from privacy and security violations, including data breaches. Increasingly, courts are recognizing the rights of those impacted by such violations, including consumers and businesses such as credit unions. We believe victims should be afforded a private right to hold accountable those who violate the law. Accordingly, regulators need the ability under law to act against entities in violation.
  • New or amended legislation should create a national standard for all entities engaged in the collection, use, retention, and destruction of sensitive information to follow. The current patchwork of state-level requirements may make it easier for hackers to identify and expose vulnerable targets. We encourage federal legislation that would preempt any requirements issued at the state level, ensuring one standard of compliance and fair protection for all consumers.

NWCUA’s document is co-signed by Troy Stang, NWCUA President and CEO, and Kent Oram, President and CEO of Idaho Central Credit Union and Vice Chair of the NWCUA Board of Directors. A delegation of more than 200 credit union advocates from Idaho, Oregon, and Washington will join NWCUA in discussing this important initiative with Northwest Members of Congress and the U.S. Senate during the Credit Union National Association’s Governmental Affairs Conference March 10-14 in Washington, D.C.