110th CONGRESS, LEGISLATIVE ISSUES A - Z

DATA SECURITY

Data Security Legislative Comparison of Key Issues for Credit Unions

Prepared by CUNA

There have been increasing problems over the theft of sensitive information resulting from data security breaches. The frequency of major credit data compromises has been growing at an alarming rate, and has had severe consequences on American consumers, credit union members and the financial institutions that issue credit and debit cards – particularly credit unions and small banks.

There is significant debate among business groups, privacy advocates, and the financial industry as six congressional committees move ahead at varying speeds and with various proposals to determine the best policy to protect consumers’ personal identifying information.

CUNA identified 7 key issues that we will be monitoring as Congress moves ahead with data security proposals:

Consumer Notice -- Data security breaches have negatively impacted credit unions, exposing their members and consumers to identity theft and fraud. Without being able to disclose the source of the breech, credit unions are exposed to “reputation risk” – the loss of confidence in the credit union by the members, in addition to actual monetary costs. CUNA would like to see initiatives pursued that would require the major credit card companies to notify financial institutions when a breach has occurred, and for financial institutions to be able to disclose the source of the breach to the consumer.

Reimbursement -- CUNA supports the requirement that the breaching party (i.e., the merchant) reimburse the consumer or financial institution for any losses incurred. Contracts undoubtedly cannot adequately resolve this problem because the credit union or another financial institution typically will not have a contractual agreement directly with a merchant or other data collector responsible for a particular data breach.

Preemption of State Laws (National Standard) -- CUNA supports uniform, national standards to impose data security safeguards and notification requirements on a wide range of entities engaged in the business of collecting or handling sensitive personal financial information.

Regulatory Burden -- Since credit unions and other regulated financial institutions are not the problem, CUNA urges that new data protection legislation does not impose additional, unnecessary regulatory burdens on financial institutions already subject to the Gramm-Leach-Bliley Act (GLBA) requirements. CUNA would support amending the GLBA to broaden its coverage.

Safe Harbor -- CUNA supports the inclusion of a safe harbor provision which would allow credit unions and other financial institutions to reasonably conclude that the misuse of the illegally acquired information is unlikely to occur when the information has been encrypted.

Credit Freeze --A credit freeze provision would allow consumers to “freeze” their credit reports so that when a credit reporting agency receives a request for the consumer’s credit report the requester will be told that the report is unavailable for viewing. CUNA does not have a position on this issue, but will monitor its development. (Of 182 state bills on data security, 108 include credit freeze provisions).

Data Destruction -- CUNA supports efforts to require merchants to comply with existing regulations on data destruction, ensuring that no merchant or its agent accepting a credit or debit card in connection with a transaction, or processing the information, shall retain personal data from that credit or debit card.

Copyright © 2012 Credit Union National Association