In an op-ed for The Hill this week, Jim Nussle, the president and CEO of the Credit Union National Association, writes that—in an age in which Americans have gotten used to sharing their data for activities online like shopping, home assistants and social media—there should be a strong national law that protects this data, ensures consumer safety online, and specifically closes any loopholes that would allow hackers to use it in harmful ways. This data, Nussle argues, should be treated the same as the data collected by institutions like credit unions or hospitals, meaning complete protection for consumers.
His conclusion:
“Until Washington sets a nationwide standard, American businesses are faced with a confusing, inconsistent patchwork of data security and privacy laws that not only increases regulatory compliance costs for businesses, but also creates glaring loopholes that bad actors can exploit to steal troves of loosely guarded datasets.”
Our policy framework represents exactly such a standard: It fills in the gaps in existing laws protecting data collected by institutions like credit unions or hospitals. It envisions a sweeping national law that would set clear rules about how companies can collect and use data, including clear requirements for companies to obtain a consumer’s express consent before collecting or using sensitive information. And it addresses data security by requiring companies to develop, implement, and maintain a comprehensive data security program—which includes various safeguards appropriate to the nature and scope of the covered organization’s business and operations, the sensitivity of the personal information at issue, and the privacy risks and threats presented to the personal information.
You can read Nussle’s full piece here.