Go to:

April 2019
< Mar May >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

CUNA Urges CU Action to Support Data Security Act
Tuesday, December 8, 2015 6:50 AM

Credit Union National Association is engaging state credit union leagues, credit unions, and credit union members via an action alert to generate a strong show of support for the Data Security Act of 2015 (H.R. 2205).

“The bill contains several provisions CUNA has advocated for, including more stringent data security standards for merchants, allowing credit unions to disclose and identify to member details of a data breach and ensures that one law will provide uniform protections across the country,” said Richard Gose, CUNA’s chief political officer, encouraging credit union leaders to weigh in. “We need credit unions to reach out to their members of Congress, specifically those credit unions based in Financial Services Committee members’ districts, and voice your support for the bill and its provisions.”

CUNA has also written in support of the bill to the House Financial Services Committee, which will mark it up today. Credit unions and their members can access CUNA’s grassroots action center, which will allow them to voice their support of the bill to their legislators.

H.R. 2205 applies to entities that handle sensitive consumer data, but do not currently have a federal obligation to protect such data. It puts in place a notification standard for breached entities, allows the Federal Trade Commission and financial regulators to enforce the bill and requires covered entities to:

  • Develop and maintain an effective information security program tailored to the complexity and scope of its operations, and the sensitivity of its data;
  • Oversee service providers with access to customer information, including requiring service providers by contract to take appropriate steps to protect the security and confidentiality of this information;
  • Train staff to prepare and implement its information security program;
  • Test key controls, systems and procedures of its information security program; and
  • Adjust its information security program to reflect the results of its ongoing risk assessment.