The reputations of credit unions are at risk due to the lack of requirements for merchants, retailers or other non-depository entities to disclose breaches of their data systems, according to Air Academy FCU CEO Glenn Strebe.
During his testimony in front of the House Small Business Subcommittee on Healthcare and Technology in early December, Strebe told lawmakers that establishing a notification requirement would enable credit unions to preserve the goodwill of their memberships when they must disclose breaches to consumers, NAFCU.org reports.
“The best way to move forward and address data breaches is to create a comprehensive regulatory scheme for those industries that are not already subject to oversight,” Strebe said during his testimony.
Strebe described how costly a breach involving even a single local merchant can be by pointing to a breach at a liquor store in 2009 that cost the credit union $60,000 in losses.
The National Association of Federal Credit Unions has urged Congress to enact comprehensive data security legislation that has already been introduced in both the House and the Senate.
The Data Security Act has been referred to the Senate Banking Committee and the Secure and Fortify Electronic Data Act has been referred to the House Energy and Commerce Committee. Both bills would require security standards and procedures for breach notifications, according to NAFCU.org.
Another bill pending in the Senate would increase penalties for identity theft and other violations of data privacy and security requirements. It would also allow state attorneys general to bring civil actions against business entities for violations.
“While the reputation risk to financial institutions may be difficult to solve with legislation, Congress should consider holding accountable those companies that are responsible for significant data breaches,” Strebe said.