“The risk of a data breach continues to be a serious problem for both consumers and businesses,” Brad Thaler, NAFCU’s vice president of legislative affairs, said in a letter to Sens. Harry Reid (D-Nev.) and Mitch McConnell (R-Ky.). “Every time consumers choose to use plastic cards for payments at a register or make online payments from their accounts, they unwittingly put themselves at risk. Many are not aware that their financial and personal identities could be stolen or that fraudulent charges could appear on their accounts, in turn damaging their credit scores and reputations. Consumers trust that entities collecting this type of information will, at the very least, make a minimal effort to protect them from such risks. Unfortunately, this is not always true.”
Thaler said that while financial institutions are subject to data security standards under Gramm-Leach-Bliley, retailers and other firms that handle personal data are not subject to the same rules, which makes them susceptible to data theft.
“Financial institutions bear a significant burden as the issuers of payment cards used by millions of consumers,” Thaler said. “Credit unions suffer steep losses in re-establishing member safety after a data breach occurs. They are often forced to charge off fraud-related losses, many of which stem from a negligent entity’s failure to protect sensitive financial and personal information or the illegal maintenance of such information in their systems…Any entity that stores financial or personally identifying information should be held to minimum standards for protecting such data.”
Last week, the House voted to adopt a number of measures aimed at improving cyber security. The measures moved to the Senate, which failed to pass a comprehensive cyber security bill twice last year, The Hill reports.
The Senate Homeland Security, Commerce and Intelligence Committees are each drafting individual proposals, an indication that adoption of the consumer protection measures could be stalled as the proposals move through regular order.
Thaler urged lawmakers to consider the following when they address cyber security in their proposals: payment of breach costs by breached entities, national standards for safekeeping data, disclosure of data security, notification of the account servicer, burden of proof in breach cases, enforcement of the prohibition on data retention, and disclosure of the breached entity.
“NAFCU hopes to see the Senate begin debate on the issue of cyber security and urges you not to overlook the issue of data security and to consider adding provisions to protect consumers from breaches that compromise their financial and personally identifying information,” Thaler said. “Data security is a common-sense bipartisan issue that must be addressed.”