FOR IMMEDIATE RELEASE
CONTACT: Vicki Christner – CUNA Communications; (202) 508-6754; vchristner@cuna.coop
Washington, D.C. (February 3, 2015) – The Credit Union National Association (CUNA) sent a letter to the Senate Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security on data breaches today ahead of the subcommittee hearing scheduled for Thursday on the topic. CUNA, along with six other financial services trade associations, note that the financial industry is required by law to develop and maintain robust internal protections to combat and address criminal attacks, and are required to protect consumer financial information and notify consumers when a breach occurs within their systems that will put their customers at risk, but the same cannot be said for other industries that routinely handle this same information and increasingly store it for their own purposes.
See the full letter below:
February 3, 2015
Chairman Jerry Moran Ranking Member Richard Blumenthal
Subcommittee on Consumer Protection, Subcommittee on Consumer Protection,
Product Safety, Insurance and Product Safety, Insurance and
Data Security Data Security
Committee on Commerce, Science and Committee on Commerce, Science and
Transportation Transportation
United States Senate United States Senate
Washington, D.C. 20510 Washington, D.C. 20510
Dear Chairman Moran and Ranking Member Blumenthal:
Thank you for holding a timely hearing entitled, “Getting it Right on Data Breach and Notification Legislation in the 114th Congress” in the Subcommittee on Consumer Protection, Product Safety, Insurance and Data Security.
As the 114th Congress engages in public debate on the important issue of data security, the undersigned financial trade associations are writing this letter for the hearing record to: 1) give our perspective on the key elements that should be included in any legislative approach; and, 2) to make you aware of the current robust regulatory regime already in place that requires financial institutions to protect the financial information of their customers/members and to notify them in the event of a breach that is likely to put them at risk.
We share your concerns about protecting consumers and strongly believe that the following set of principles should serve as a guide when drafting legislation to provide stronger protection for consumer financial information:
As noted above, some industries – including the financial industry – are required by law to develop and maintain robust internal protections to combat and address criminal attacks, and are required to protect consumer financial information and notify consumers when a breach occurs within their systems that will put their customers at risk. The same cannot be said for other industries, like retailers, that routinely handle this same information and increasingly store it for their own purposes. The Identity Theft Resource Center has compiled a list of all publicly reported breaches in the United States and shows that banks accounted for only 5.5 percent of all breaches in 2014. Other businesses accounted for 33 percent. Retailer groups continue to cite a Verizon report on data breach statistics as a way to distract policymakers regarding the primary focus of data security breaches, but the inconvenient truth is that this Verizon report is based on an international sample of breaches as opposed to an actual compilation of all publicly reported breaches in the United States.
For more than 15 years, credit unions and banks have been subject to significant regulatory requirements and internal safeguards which have been substantially enhanced over the years. These include:
This extensive legal, regulatory examination and enforcement regime ensures that financial institutions robustly protect American’s personal financial information. In contrast, retailers that accept electronic payments face no similar requirements or oversight, and as a result millions of American consumers’ personal financial information has been compromised in recent years.
The groups below look forward to working with you and your colleagues in order to protect your constituents’ personal financial information.
Sincerely,
American Bankers Association
Consumer Bankers Association
Credit Union National Association
Financial Services Roundtable
Independent Community Bankers of America
National Association of Federal Credit Unions
The Clearing House