Dan Berger, the president and CEO of the National Association of Federal Credit Unions, recently called on Congress to hold retailers responsible for data breaches that occur in their systems.
Berger cited data from the Identity Theft Resource Center that showed more than 600 data breaches occurred in 2013—dubbed by PC World as the year of the personal data breach, American Banker reports.
“Many Americans may not realize that data breaches can happen at any retailer, large or small,” Berger said, according to American Banker. “They also may not be aware of the risks associated with each transaction. In a data breach, the consumer is exposed to potential identity theft, fraudulent charges and damage to their credit scores and reputations. While we are heartened by recent efforts in Congress to address these breaches, more needs to be done to make sure retailers and other entities safeguard consumers’ sensitive information.”
Berger said financial institutions bear the lion’s share of the burden after a merchant data breach because the institution must notify accountholders, issue new cards, restore stolen funds and accommodate greater customer service volume.
“Unfortunately, the retailers continue to balk at the notion of being held responsible for their part in safeguarding consumers’ sensitive data,” Berger said, American Banker reports. “The National Association of Federal Credit Unions believes if retailers want to reap the rewards of consumer sales, they should also take an active role in protecting their data. It is with this in mind that NAFCU is calling on Congress to make comprehensive data security legislation a priority in 2014.”
Berger urged Congress to require merchants to absorb the costs of breaches that occur in their systems, especially when negligence is a factor, and to require entities that store consumer data to meet data security standards similar to those established under the Gramm-Leach-Bliley Act.
Additionally, Berger urged lawmakers to require the timely disclosure of data breaches, to require merchants to post data security policies at registers and to require a breached merchant or retailer to demonstrate efforts have been undertaken to prevent another breach.
“Simply put, Congress needs to protect Americans against the data thieves that can be lurking at every transaction, online and in stores,” Berger said, according to American Banker. “NAFCU urges lawmakers to make 2014 the year of data security by implementing stricter standards on the under-regulated entities that hold personal data. Without this fix, it is just a matter of time until consumers are once again harmed in the next data breach.”