Inside CUNA's 'Stop The Data Breaches' Congressional Push

Posted by Anna Kragie on Sep 27, 2019 7:00:00 AM

As we approach the 10th month of the year, it's clear that 2019's data breach statistics will once again be one for the record books. The Credit Union National Association (CUNA) has made addressing this rapidly-growing problem part of its mission as it continues to push the U.S. Congress to pass meaningful data security legislation.

Last month, CUNA created ‘Stop the Data Breaches’ MAP campaign (member activation program) directed "credit unions to make Congress aware that there cannot be data privacy without data security." Earlier this month, CUNA continued on its mission with additional updates to the campaign.

“Credit unions already know that they bear the costs of these data breaches, so the goal of the campaign is to educate credit unions members about the issue in order to have them reach out to their Members of Congress to demand action,” said Adam Engelman, CUNA’s director of federal grassroots and programs. “Congress has indicated they are aware of the privacy issue, our mission is to get them to realize we cannot have privacy without security, and we need a data security standard for all entities that handle sensitive consumer information.”

The 'Stop the Data Breaches' campaign is featured on CUNA's website, aimed at providing updates on data breaches around the U.S. This site provides information to help credit unions protect against data breaches and what they can do at a national level to contact their legislators to address this problem. 

Over the past few months, CUNA has specifically called on Congress to:

  • Treat data privacy as a national security issue, since there have been more than 10,000 data breached in the U.S. since 2005, compromising nearly 12 billion consumer records. Many of these breaches are being perpetrated by foreign governments, domestic organized crime syndicates and rogue international actors using the data to fund illicit activities;
  • Fix the weak links in the system, meaning requiring all entities that hold and use consumer data be subject to strong federal data security requirements; and
  • Set a strong federal standard that preempts state laws, removing the current patchwork of various state laws, regulations and requirements that provide uneven protection and require numerous compliance resources.

CUNA has been actively engaged with members of congress and policymakers to push for stronger data security legislation. This includes writing to leadership of multiple House and Senate Committees, along with defining the necessary items noted above. CUNA's Chief Advocacy Officer Ryan Donovan has personally contracted 535 Congressional last spring to share how data breaches impact the country from an economic and national security perspective. 

In June of this year, Lance Noggle, CUNA senior director of advocacy, wrote and op-ed for Credit Union Times about how credit union leader are leading the charge for enhanced data security legislation.

“While leaders in Congress are busy discussing ways to keep our data out of the hands of Big Tech, they ignore the all too real threat posed by everyday bad actors illegally obtaining and misusing data for profit and exploitation. It’s time for Congress to realize that we can’t have data privacy without data security,” Noggle wrote These two concepts are often conflated, but it’s important to recognize the difference to ensure that both are accounted for when fixing this growing problem.

“Data privacy looks at the ways that data is legally collected, stored, used and destroyed, and how that is disclosed to the public. Data security, on the other hand, is the protection of that data from nefarious actors. ...“It’s imperative to protect the privacy of data. But without data security, even the most robust privacy structure is simply erased."