Congress must act on data security breaches
Headlines about huge data security breaches are so common that they almost seem like business as usual. Just a few weeks ago, Yahoo Inc. admitted that its 2014 data breach affected at least 500 million users. If that estimate is correct – and no one has contradicted it so far – that breach is now the largest on record, surpassing the MySpace breach that hit 427 million users a few months ago.
The breach – like so many others – compromised numerous pieces of sensitive data, including users’ names, email addresses, phone numbers, birth dates, passwords and security questions. That doesn’t just put consumers’ email accounts at risk, but it makes their financial accounts vulnerable as well.
We at NAFCU know that nothing will change until retailers and others step up to take responsibility for the security of their systems in the same way credit unions and financial institutions do.
This continuing onslaught of hacks and data breaches erodes consumers’ trust and opens them to serious financial and identity theft risk. Furthermore, credit unions and other financial institutions are on the hook to pay for these events – replacing countless payment cards and making consumers whole again. Credit unions are taking care to protect their members’ sensitive information, but credit unions can’t control what Target or Home Depot does. This repeated process makes consumers justifiably nervous, and the increasing costs for credit unions make it more and more difficult for them to offer the excellent products and services they’re known for.
Observers of Congress predict that lawmakers will consider data security legislation in early 2017. The NAFCU-backed “Data Security Act” (H.R. 2205/S. 961) would establish a strong national data security standard for retailers similar to what credit unions already follow under the Gramm-Leach-Bliley Act. Introduced in the House by Rep. Randy Neugebauer, R-Texas, with Rep. John Carney, D-Del., as an original cosponsor, and in the Senate by Sens. Tom Carper, D-Del., and Roy Blunt, R-Mo., the bill would also establish strict disclosure rules – requiring retailers tell consumers when their information has been compromised – and protect consumers’ and financial institutions’ ability to sue retailers for financial and punitive damages.
The Yahoo breach and others are making lawmakers sit up and take notice – not a moment too soon. As the 114th Congress nears its conclusion, NAFCU is urging lawmakers to act as soon as possible to make these standards a reality. The sooner retailers are made to take responsibility for their data security measures, the sooner consumers can have more peace of mind and credit unions can spend more time focusing on what they do best – serving their members.