WASHINGTON—A group of financial industry trade associations, including CUNA, NAFCU and the American Bankers Association, has sent a joint letter to Congress regarding data security.
The letter said in part that it wants to remind legislators of the “current robust regulatory regime already in place that requires financial institutions to protect the financial information of their customers/members and to notify them in the event of a breach that is likely to put them at risk.”
In drafting any legislation, the group called on Congress to consider:
- Strong national data protection and consumer notification standards with effective enforcement provisions must be part of any comprehensive data security regime, applicable to any party with access to important consumer financial information.
- That banks and credit unions are already subject to robust data protection and notification standards. These Gramm-Leach-Bliley Act (GLBA) requirements must be recognized.
- That inconsistent state laws and regulations should be preempted in favor of strong Federal data protection and notification standards.
- That In the event of a breach, the public should be informed where it occurred as soon as reasonably possible to allow consumers to protect themselves from fraud. Banks and credit unions, which often have the most direct relationship with affected consumers, should be able to inform their customers and members about the information regarding the breach, including the entity at which the breach occurred.
- That “too often, banks and credit unions bear a disproportionate burden in covering the costs of breaches occurring beyond their premises. All parties must share in protecting consumers. Therefore, the costs of a data breach should ultimately be borne by the entity that incurs the breach.”
The letter notes that banks and credit unions are already subject to numerous laws regarding protecting member and customer data, and that the “same cannot be said for other industries, like retailers, that routinely handle this same information and increasingly store it for their own purposes.”
The letter added that banks/CUs accounted for just 5.5% of all breaches in 2014, while other businesses accounted for 33%.
Also signing the letter were the Consumer Bankers Association, Financial Services Roundtable, Independent Community Bankers of America, and The Clearing House.
Related
NASCUS CU Cyber Security Symposium