Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

Washington
Senators call for faster breach notification from merchants
WASHINGTON (2/5/14)--"American consumers deserve to know when their private information has been compromised and what a business is doing in response to a cyberattack," Sen. Patrick Leahy (D-Vt.) said during a Tuesday Senate Judiciary Committee hearing.

The hearing follows recent data breaches at Target and Neiman Marcus. Target CFO John Mulligan and Neiman Marcus Group Chief Information Officer Michael Kingston were among those that testified during the hearing, "Privacy in the Digital Age: Preventing Data Breaches and Combating Cybercrime."

After an attack, "time is of the essence for law enforcement seeking to catch the perpetrator, and also for consumers who want to protect themselves against further exposure," Leahy added.

Leahy, who chairs the committee, early this year introduced the Personal Data Privacy and Security Act, which would establish consumer data security standards for companies, and require them to notify consumers when a data breach has occurred.

Merchants and financial services industry will need to move together collectively as data security issues are addressed and the payment system is upgraded, Mulligan told legislators. He said his firm is working closely with federal investigators to catch data breach perpetrators.

While Mulligan advocated for the adoption of chip and PIN technology by card providers and merchants alike, another witness, Symantec Corporation Senior Vice President of Security Product and Services Fran Rosch, said chip and PIN is not a panacea but is a step in the right direction.

Sen. Diane Feinstein (D-Calif.) noted that she introduced a data breach notification bill as early as 2003, but said the bill did not make progress. Companies strongly fought the bill, she said. Any data security bill that moves forward in the U.S. Congress must contain data breach notification provisions for customers, Feinstein said.

The Credit Union National Association has called on legislators to ensure that consumers know where their information was breached. CUNA has also urged legislators to follow two other basic principles as they consider data security fixes:
  • All participants in the payments system should be responsible and be held to comparable levels of data security requirements; and
  • Those responsible for the data breach should be responsible for the costs of helping consumers.
These points were raised in letters sent for the record of data security hearings held this week.

For more of CUNA's data security comments to legislators, use the resource link.
Other Resources

CUNA Letter
RSS print
News Now LiveWire
#NewsNow: Balance needed between 'safety and soundess' and credit availability @CUNA tells @FHFA http://t.co/jAI6sJ3Poo
21 minutes ago
#NewsNow No stretch for CU to loan to fledgling yoga studio http://t.co/4ryQisBtW1
1 hours ago
.@CUNA's Pierce: Every dollar a CU spends on complying with a regulation is a dollar that is not spent to the benefit of its membership.
1 hours ago
(2of2)...that incentive structure for CUs and banks is quite different, and regulatory structure should reflect those differences."
1 hours ago
Pierce: When considering reg burden as it relates to consumer financial protection, it is critical that policymakers understand...(1of2)
1 hours ago