Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Washington
CUNA tells Congress: Data security's very framework must be addressed
WASHINGTON (2/3/14)--Congress should take a broad look at how consumer data is secured and the improvements that are necessary to prevent future breaches from taking place, the Credit Union National Association said in a letter submitted for the record of a Senate Banking Committee data security hearing scheduled this week.

The hearing, entitled "Safeguarding Consumers' Financial Data," follows last year's Target data breach. That breach resulted in the theft of 40 million debit and credit cards, and encrypted PIN data, and the names, mail and email addresses, and phone numbers of up to 70 million individuals. Credit unions have already incurred costs estimated to be in the range of $25 million to $30 million as a result of the Target stores data security breach, according to a CUNA survey.

In a letter sent today to Senate Banking national security and international trade and finance subcommittee Chairman Mark Warner (D-Va.) and Ranking Subcommittee Member Mark Kirk (R-Ill.), CUNA President/CEO Bill Cheney encouraged Congress to take a holistic approach to addressing data security issues.

"Focusing on one payment method as the absolute answer to solving data security breaches is both shortsighted and distracts from the greater need of a federal data security framework for all entities," he wrote.

"Data breaches occur, in part, because merchants are not required to adhere to the same statutory data security standards that credit unions and other financial institutions must follow, and merchants are rarely held accountable for the costs others incur as a result of the breaches. All participants in the payment process have a shared responsibility to protect consumer data, but the law and the incentive structure today allows merchants to abdicate that responsibility, making consumers vulnerable," Cheney said.

He noted the many steps credit unions have taken since the breach to protect their members, and said some credit unions also face reputational damage due to the breach.

Cheney in the letter said credit unions support three basic principles for data security fixes:
  • All participants in the payments system should be responsible and be held to comparable levels of data security requirements;
  • Those responsible for the data breach should be responsible for the costs of helping consumers; and
  • Consumers should know where their information was breached.
"Consumers need transparency and knowledge to understand where their data has been put at risk," Cheney added.

Similar points will be raised in separate letters to the House Energy and Commerce subcommittee on commerce, manufacturing, and trade and the Senate Judiciary Committee. Those groups have set their own data security hearings for this week. (See Jan. 31 News Now: House, Senate add data security hearings to next week's agenda.)
RSS print
News Now LiveWire
#100MM growth? Look at millennials, philosophies that align w/ #creditunions @MyFoxTampaBay See #NewsNow http://t.co/Fsjay52a5m
11 minutes ago
96 #creditunions across Britain have applied for funding from Lloyds Banking Group #CreditUnion Development Fund http://t.co/quq3OEE0Qq
15 hours ago
Eight new ideas hatched from @fileneresearch innovation incubator #NewsNow http://t.co/h6Ev6q3HnQ
16 hours ago
Homebuilder confidence continues to climb #NewsNow #Market http://t.co/UTBSpmoeZD
18 hours ago
Mich. league issues 4th consecutive dues rebate #NewsNow http://t.co/MGxMRRLrkb
19 hours ago