Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CUNA tells Congress: Data security's very framework must be addressed
WASHINGTON (2/3/14)--Congress should take a broad look at how consumer data is secured and the improvements that are necessary to prevent future breaches from taking place, the Credit Union National Association said in a letter submitted for the record of a Senate Banking Committee data security hearing scheduled this week.

The hearing, entitled "Safeguarding Consumers' Financial Data," follows last year's Target data breach. That breach resulted in the theft of 40 million debit and credit cards, and encrypted PIN data, and the names, mail and email addresses, and phone numbers of up to 70 million individuals. Credit unions have already incurred costs estimated to be in the range of $25 million to $30 million as a result of the Target stores data security breach, according to a CUNA survey.

In a letter sent today to Senate Banking national security and international trade and finance subcommittee Chairman Mark Warner (D-Va.) and Ranking Subcommittee Member Mark Kirk (R-Ill.), CUNA President/CEO Bill Cheney encouraged Congress to take a holistic approach to addressing data security issues.

"Focusing on one payment method as the absolute answer to solving data security breaches is both shortsighted and distracts from the greater need of a federal data security framework for all entities," he wrote.

"Data breaches occur, in part, because merchants are not required to adhere to the same statutory data security standards that credit unions and other financial institutions must follow, and merchants are rarely held accountable for the costs others incur as a result of the breaches. All participants in the payment process have a shared responsibility to protect consumer data, but the law and the incentive structure today allows merchants to abdicate that responsibility, making consumers vulnerable," Cheney said.

He noted the many steps credit unions have taken since the breach to protect their members, and said some credit unions also face reputational damage due to the breach.

Cheney in the letter said credit unions support three basic principles for data security fixes:
  • All participants in the payments system should be responsible and be held to comparable levels of data security requirements;
  • Those responsible for the data breach should be responsible for the costs of helping consumers; and
  • Consumers should know where their information was breached.
"Consumers need transparency and knowledge to understand where their data has been put at risk," Cheney added.

Similar points will be raised in separate letters to the House Energy and Commerce subcommittee on commerce, manufacturing, and trade and the Senate Judiciary Committee. Those groups have set their own data security hearings for this week. (See Jan. 31 News Now: House, Senate add data security hearings to next week's agenda.)

News Now LiveWire
.@nytimes reports Sen. Harry Reid, Senate Democratic leader since 2005, will not seek re-election next year,
1 hour ago
Cornerstone CU Union Foundation says it's prepared to assist #CUs & their employees affected by severe storms in Arkansas and Oklahoma.
12 hours ago
In 2014,use of remote deposit capture experienced 13% increase to 51%. But checking a balance continued to B the most common mobile activity
12 hours ago
'Fixing Your Finances' part of @PCUA's #iBelong campaign @fox43 @Bellco_CU @Members1stFCU
15 hours ago
Home prices outpacing income growth in 3/4 of U.S. markets @RealtyTrac
17 hours ago