ARLINGTON, Va.—NAFCU is urging Congress to hold retailers to a national data security standard.
Writing in advance of Wednesday’s subcommittee hearing, NAFCU Vice President of Legislative Affairs Brad Thaler Monday urged a House Energy and Commerce subcommittee to strengthen draft legislation by incorporating a strong national data security standard for retailers and to mandate related rulemaking.
Writing the Subcommittee on Commerce, Manufacturing and Trade, Thaler also said the legislation must add a liability provision for merchant data breaches and clarify that all entities covered by the Gramm-Leach-Bliley Act are exempt from new requirements.
Wednesday’s hearing will focus on a discussion draft of data security legislation that primarily focuses on breach notification. Committee members Marsha Blackburn (R-TN), and Peter Welch (D-VT), are the sponsors of the draft, titled the “Data Security and Breach Notification Act.”
Thaler, writing to full committee Chairman Fred Upton (R-Mich.) and Ranking Member Frank Pallone (D-NJ), and Subcommittee Chairman Michael Burgess (R-TX), and Ranking Member Jan Schakowsky (D-IL.) said last week’s report showing retailers are failing to meet widely accepted payment card industry, or PCI, data security standards illustrates the need for Congress to act.
NAFCU continues to press Congress for action on legislation which ensures that:
- Breached entities be held accountable for costs resulting from their negligence.
- Consumers be notified of breaches and made aware of retailers’ data security policies.
- Account servicers be notified.
- Retailers be held to a strong national standard on data security.