Congress, Administration Must Address Data Privacy in a Meaningful Way

February 28, 2019 |

From CUNA News – The time has come for new federal protections regarding the use and security of data held by businesses and entities, CUNA wrote to the House Energy and Commerce Committee this week. CUNA sent its letter for the record of the committee’s hearing on protecting consumer privacy.

“Since Americans’ personal information has become so valuable in the aggregate to businesses and criminals worldwide, the time has come for new Federal protections regulating the use and security of data held by all businesses and entities. Europe’s General Data Protection Regulation (GDPR) and California’s California Consumer Privacy Act (CCPA) show that foreign governments and states are not willing to sit on the sidelines and neither should Congress. Action is required to ensure that all Americans can enjoy robust protection of their most important personal data from misuse and theft.”

CUNA notes that the current gaps in data protection and privacy laws hurt consumers and businesses, as information can misused by bad actors.

“Although data security is a major issue for credit unions, we realize the problem is much bigger than the financial services industry with robust privacy and data security requirements for all industries becoming increasingly necessary,” the letter reads. “The cornerstone of any new privacy requirements should be robust data security requirements for business and other entities that collect consumers’ personal information.”

CUNA believes any new privacy law and/or data security requirements should:

  • Cover both privacy and data security;
  • Cover all companies that collect, use or share personal data;
  • Be based on protection of data to prevent from theft and misuse. Notification and disclosure after the fact are important, but is not a substitute for adequate protection;
  • Provide mechanisms to address the harms that result from privacy and security violations, including data breaches. Individuals and companies should be afforded a private right of action, and regulators should have the ability to take action against entities that violate the law; and
  • Preempt state law to simplify compliance and create equal expectation and protection for all consumers, with a goal to create a national standard for all to follow.