Learn More about Member Value

News

Member Benefits
Learn more
Learn more about the benefits of membership.
Policy & Issues

CUNA, partners keep heat on for stronger merchant standards in data breach law

February 3, 2015

WASHINGTON (2/4/15)--Federal data breach legislation must contain strong national data protections and consumer notification standards, combined with effective enforcement provisions, the Credit Union National Association emphasized in a letter submitted for the record of an upcoming hearing

The necessary standards were specified in a letter to members of the U.S. Senate subcommittee on consumer protection, product safety, insurance and data security, which will conduct a hearing on data breach legislation Thursday.

CUNA, with several other financial trade organizations, sent the letter to give its perspective on key elements that should be included in any legislative approach to data breaches.

The five principles are:

  • trong national data protection and consumer notification standards with effective enforcement provisions applicable to any party with access to important consumer financial information;
  • Banks and credit unions are already subject to robust data protection and notification standards. These Gramm-Leach-Bliley Act requirements must be recognized;
  • Inconsistent state laws and regulations should be preempted in favor of strong federal data protection and notification standards;
  • In the event of a breach, the public should be informed where it occurred as soon as reasonably possible to allow consumers to protect themselves from fraud. Banks and credit unions should be able to inform their customers and members about the information regarding the breach, including the entity at which the breach occurred; and
  • The costs of a data breach should ultimately be borne by the entity that incurs the breach, since credit unions and banks bear a disproportionate burden in covering the costs of breaches occurring beyond their premises.

Credit unions have been subject to significant regulatory requirements and internal safeguards for the past 15 years. These include requirements to protect information and notify customers of a breach as well as federal oversight, examination and sanction authority.

"This extensive legal, regulatory examination and enforcement regime ensures that financial institutions robustly protect American's personal financial information," the letter reads. "In contrast, retailers that accept electronic payments face no similar requirements or oversight, and as a result millions of American consumers' personal financial information has been compromised in recent years."

CUNA and several trade organizations sent a letter to the House subcommittee on commerce, manufacturing and trade before a similar hearing, a letter that was entered into the official record.

There are currently a number of data breach bills circulating, but CUNA is pushing for more aggressive legislation that contains the principles mentioned above.

Stop the Data Breaches

Identity Theft: Who’s Got Your Number? electronic member seminar kit

Anytime Adviser ID Theft coach

Lock Down Your Smartphone drive-up envelope

Stop Identity Theft--customized lobby brochure

Stickley on Security

Awareness Technologies/CUNA Strategic Services

DH Compushare/CUNA Strategic Services

SilverSky/CUNA Strategic Services

TraceSecurity/CUNA Strategic Services

This Month Lending Roadmap

The Dividend Difference

Patronage dividends—distributions a cooperative pays members based on a proportion of its profits—drive engagement in a way only cooperatives can.
Bright Ideas

Growth Through Inclusion

Serving underbanked populations can both boost the bottom line and set up credit unions for long-term success.
Get Smart

Giving Back Is the Only Way

Community service is a natural extension of credit union philosophy.
App Digital Edition Subscribe

Trending

Polls

What's the pace of staff turnover at your CU?

View Results
More