CUNA News
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • Advertise
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Jobs
  • Contact

News

Home » Tighten up third-party contracts to mitigate cyberthreats
Compliance

Tighten up third-party contracts to mitigate cyberthreats

Equifax breach underscores need for close contract management.

October 4, 2017
Ron Jooss
No Comments
Brian Lauer

Many credit unions have contracts with third-party vendors that have access to their member data. In fact, it’s not uncommon for credit unions to have this level of contractual relationship with hundreds of suppliers.

The proliferation of data breaches in the past few years has forced credit unions to view those relationships, and their contracts, with a more critical eye. The recent Equifax breach has only heightened this wariness.

“When we found out that Equifax knew about the breach in May, and didn’t tell us until three months later, that’s when things went crazy,” says Brian Lauer, an attorney with the firm Messick, Lauer and Smith, who addressed a breakout session at CUNA’s Governance, Risk Management, and Compliance Leadership Institute.

“Really, the goal is that you can react to a data breach of a third party as you would to a data breach to your own in-house system,” Lauer says. “We can try to handle that with the contracts you have with your third parties.”

Virtually every credit union has data breach language in its contracts with third-party vendors, Lauer says. Usually that language says something to the effect that the third party will notify the credit union in the case of breach when it reasonably believes the breach will have a material effect on the members’ information.

“But who decides what’s ‘reasonable’ and what’s ‘material?’” Lauer asks. “You might think you have timely notification of unauthorized disclosure of your member information, but you might get into an argument with them if you find out much later. Did Equifax notify anyone in May?”

Lauer suggested that credit unions try to negotiate into their agreements a clause demanding the third party contact them following any unauthorized disclosures of member information, which allows the credit union to decide if it must notify members.

“You might have vendors who push back, but it’s a very good starting point for a conversation,” Lauer says. 

KEYWORDS cybersecurity

Post a comment to this article

Report Abusive Comment

Credit Union Magazine: Winter 2022

Winter 2022

Credit Union Magazine’s Winter 2022 issue highlights data-driven marketing, the board’s role in cybersecurity, elder abuse scams, credit unions’ auto lending advantage, and more.
Digital Edition •  Subscribe

Trending

  • House passes CUNA, League-led board modernization bill

  • CFPB issues CUNA-opposed proposal on credit card late fees

  • Key committee leaders supportive of credit union priorities

Tweets by CUNA_News

Polls

Vote for the 2023 CU Hero of the Year

View Results
More

Champion for the Credit Union Movement

Credit Union National Association is the most influential financial services trade association and the only national association that advocates on behalf of all of America's credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • Membership
  • Contact Us
  • Careers

Resources for

  • Credit Union Advocates
  • Leagues
  • Press
  • Providers

Our Affiliates

  • American Association of Credit Union Leagues (AACUL)
  • Credit Union Awareness
  • Credit Union House
  • CUNA Strategic Services
  • National Credit Union Foundation
GET CUNA UPDATES
© 2023 Credit Union National Association | ADA Compliance Notice & Legal
Email Us