NAFCU Deems Data Encryption Rule Unnecessary

Trade group advises NCUA to look internally for better ways to protect member data.

By Nicholas Ballasy | January 07, 2015 at 09:08 AM

The NCUA should look internally for ways to better protect credit union members' data, rather than impose a new rule, according to NAFCU Director of Regulatory Affairs Alicia Nealon.

Nealon's statement was made in response to NCUA Board Chairman Debbie Matz floating the possibility of a proposed data encryption rule after an agency examiner lost a thumb drive with personal credit union member information.

"Credit unions must already follow stringent data security and privacy requirements, and they have a strong track record of regulatory compliance with these requirements. Credit unions also constantly strive to implement the highest safeguards for their members data," Nealon said Wednesday.

A recent survey of NAFCU's member credit unions found that credit unions not only meet the regulatory requirements, but also voluntarily implement many of NCUA's suggested best practices in order to better safeguard their members data, according to Nealon.

"Rather than promulgating additional regulatory burdens on credit unions, NCUA should take a look internally at what actions the agency can take to better protect the credit unions data in its care," she said.

Matz estimated the cost of the data breach incident at the $13 million Palm Springs Federal Credit Union in Palm Springs, Calif., to be around $15,000 to $20,000.

"We are contemplating a rule, which would require encryption, but we're not at the point where I can say we're going in that direction yet but it's clearly something we're thinking about. Short of requiring it, we're really struggling trying to figure out how to prevent data breaches. That's a very fundamental thing to do, to make sure that if the data is lost or stolen that members' confidential information is protected," Matz told CU Times.

"Believe it or not, we really don't like putting out more regs than we need to but we're struggling to determine if there's another way to do this. Of course we're always willing to hear suggestions from the credit union community about how to proceed," she added.

CUNA has not commented on the possibility of a proposed data encryption rule.

NOT FOR REPRINT

1 Tennessee’s Y-12 Federal Credit Union Welcomes New CEO Dustin Millaway

2 Credit Union Loan Originations Recover: A Strong 'Rebound'

3 Cornerstone Financial Credit Union Introduces Buy Now, Pay Later Service

4 Credit Unions Push Back Against Proposed California Privacy Regulations

5 Credit Union of Texas Launches Spanish-Language Brand Todos Unidos

Insurance
Complex Claims & Litigation Forum 2025
February 24, 2025 - Las Vegas

This conference aims to help insurers and litigators better manage complex claims and litigation.
More Information
GlobeSt. Multifamily Spring 2025
April 01, 2025 - New York

Join the industry's top owners, investors, developers, brokers & financiers at THE MULTIFAMILY EVENT OF THE YEAR!
More Information
GlobeSt. Net Lease Spring 2025
April 01, 2025 - New York

This conference brings together the industry's most influential & knowledgeable real estate executives from the net lease sector.
More Information