Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

CUNA Makes Case for Merchant Liability for Data Breaches
Tuesday, July 31, 2018 6:50 AM

Credit Union National Association wrote to Rep. Bob Latta (R-Ohio), chair of the House Energy and Commerce subcommittee on digital commerce and consumer protection Friday regarding  how losses to credit unions from merchant data breaches impact credit unions. 

“CUNA favors data security legislation that places liability on a business that loses consumer information through a data breach and creates a mechanism for those harmed by the breach to recover losses from the breached entity," the letter reads. "Although we believe breached entities should be responsible to others harmed from the breach, we believe Congress should consider how a member of a member-owned financial institution is harmed in multiples ways by a data breach. Absent specific liability requirements, CUNA would not support legislation that diminishes a credit union's ability to recover through common law or other state provisions.” 

The letter highlights several other priorities including:  

  • A flexible, scalable standard equivalent to what is in the Gramm-Leach-Bliley Act (GLBA) for data protection; 
  • A GLBA equivalent notification regime requiring timely notice to impacted consumers, law enforcement, and applicable regulators when is a reasonable risk exists that a breach of unencrypted personal information exposes consumers to identity theft or other financial harm; 
  • Consistent, exclusive enforcement of the new data security and notification national standard by the Federal Trade Commission and state attorneys general; and  
  • Clear preemption of the existing patchwork of often conflicting and contradictory state laws for all entities that follow this national data security and notification standard. 

CUNA and other financial trade associations stressed the importance of meeting certain requirements to create a robust data security legislation that will provide adequate consumer protection for those harmed by data breaches.