CUNA
  • Advocacy
    • Priorities we’re fighting for
    • Actions you can take
  • News
  • Learn
  • Compliance
  • Shop
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • COVID-19
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Contact
Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
Home » Tighten up third-party contracts to mitigate cyberthreats
Compliance

Tighten up third-party contracts to mitigate cyberthreats

Equifax breach underscores need for close contract management.

October 4, 2017
Ron Jooss
No Comments
Brian Lauer

Many credit unions have contracts with third-party vendors that have access to their member data. In fact, it’s not uncommon for credit unions to have this level of contractual relationship with hundreds of suppliers.

The proliferation of data breaches in the past few years has forced credit unions to view those relationships, and their contracts, with a more critical eye. The recent Equifax breach has only heightened this wariness.

“When we found out that Equifax knew about the breach in May, and didn’t tell us until three months later, that’s when things went crazy,” says Brian Lauer, an attorney with the firm Messick, Lauer and Smith, who addressed a breakout session at CUNA’s Governance, Risk Management, and Compliance Leadership Institute.

“Really, the goal is that you can react to a data breach of a third party as you would to a data breach to your own in-house system,” Lauer says. “We can try to handle that with the contracts you have with your third parties.”

Virtually every credit union has data breach language in its contracts with third-party vendors, Lauer says. Usually that language says something to the effect that the third party will notify the credit union in the case of breach when it reasonably believes the breach will have a material effect on the members’ information.

“But who decides what’s ‘reasonable’ and what’s ‘material?’” Lauer asks. “You might think you have timely notification of unauthorized disclosure of your member information, but you might get into an argument with them if you find out much later. Did Equifax notify anyone in May?”

Lauer suggested that credit unions try to negotiate into their agreements a clause demanding the third party contact them following any unauthorized disclosures of member information, which allows the credit union to decide if it must notify members.

“You might have vendors who push back, but it’s a very good starting point for a conversation,” Lauer says. 

KEYWORDS #CUNAGRC17 breach contacts cybersecurity

Post a comment to this article

Report Abusive Comment

Credit Union Magazine - Winter 2020

Winter 2020

Credit Union Magazine’s Winter 2020 edition features CUNA’s 2021 lending outlook, CEO insights on adjusting to the pandemic, and board recruitment strategies.
Digital Edition •  Subscribe

Trending

  • NCUA proposes raising threshold for ‘complex’ CUs

  • Compliance: 2020 Year in Review, Checklist now available

  • NCUA’s 2021 supervisory priorities reflect COVID effects

Tweets by CUNA_News

Polls

Will you ask employees to receive the coronavirus vaccine?

View Results
More

Champion of America’s Credit Unions

Credit Union National Association is the only national association that advocates on behalf of all of America’s credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • About
  • Careers
  • Contact Us
  • Recommended Websites
  • Privacy Policy

Resources for

  • CUNA Board Members
  • Credit Union Advocates
  • Leagues
  • Press
  • Vendors