The Credit Union National Association took issue with a number of points in a letter retailers recently wrote to Congress concerning data breaches.
“Retailers are attempting to push back against strong national data security standards, despite a lack of such standards causing major data breaches that bring additional costs to credit unions,” according to a CUNA press release.
CUNA said the retailers’ letter claimed NCUA’s requirements on financial institutions were “not mandatory.” But the industry has been subject to heavy regulations and strict standards spelled out in the Gramm-Leach-Bliley Act, enacted in 1999.
“NCUA and other banking regulators have in place regulations and guidance for financial institutions to safeguard consumer data, report breaches to the regulators and provide notice to consumers,” according to the release. “All financial institutions must have data breach consumer notification programs, which are reviewed by regulators during examinations.”
Credit union regulators can impose penalties and fines on institutions that don’t have proper data breach response programs in place. Retailers, by contrast, face no such repercussions.
“Retailers are not subject to federal data security laws or federal notification requirements,” according to the release. “Furthermore, they are not examined for data security compliance with any law or other requirement.”