Go to:

July 2018
< Jun Aug >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Data Security Bills Heard in Texas House Business and Industry Committee
Wednesday, April 22, 2015 7:00 AM

The Texas House Business and Industry Committee held a public hearing April 21 to receive testimony on HB 3478 by Rep. Gary Elkins (R-Houston) and HB 3537 by Rep. Yvonne Davis (D-Dallas). These two bills would require merchants to disclose a data breach to the attorney general and send notice of the breach to affected financial institutions. For each card that is compromised, the merchant could pay up to a $50 fine into a data security breach victim compensation fund held and administered by the AG to compensate individuals and financial institutions harmed by the breach.

Rep. Davis explained to the committee that the data breach problem is growing, having a big effect on commerce and consumers who are at increased risk to identity theft when their card information is stolen during a data breach.

Kyle Ashley, president of United San Antonio FCU, testified in support of both bills, explaining the costs at his credit union and to Texas credit unions to replace cards and of fraud losses due to data breaches. 

The Texas Credit Union Association supports both bills.

Don Jones, CIO of Firstmark Credit Union also testified in support of both bills informing the committee of the need for merchants to protect card data if they keep it. The Independent Bankers Association of Texas also testified in support of both bills.

The Texas Retailers Association testified in opposition to both bills, stating that the bill is unnecessary and the solution is the EMV chip-and-pin technology. They represent that this is a contract dispute and that interchange fees already are in place to pay for fraud losses due to breaches.

Numerous other organizations registered in opposition to the bill, including Sprint, TechAmerica, Texas Association of Business, JP Morgan Chase Bank, and others.

The committee asked questions of the witnesses primarily focusing on the issue of the vulnerability of storing the data, risks of data theft during transmission, and why this can't be addressed through contracts rather than legislation.

Rep. Elkins said the problem is that merchants continue to store card data without sufficient protections, and that it does not matter whether the 16-digit card number comes from a mag stripe or a chip; that if the merchants store the card number without sufficiently protecting it, they should be responsible for losses resulting from their actions. He urged the committee to move the bill forward so the full House can debate the issue.  

"Credit Unions appreciate Rep. Davis and Rep. Elkins bringing forward these important bills. Data security breaches are a significant problem, and bills like this are critical to securing the payment card system," said Dick Ensweiler, CEO/president of the Cornerstone Credit Union League.

The bill was left pending.

For further information, contact Jeff Huffman, president of the Texas Credit Union Association, at (469) 385-6488 or