Go to:

February 2019
< Jan Mar >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

House Subcommittee to Mark Up Breach Notification Draft
Tuesday, March 24, 2015 6:25 AM

U.S. House Energy and Commerce Committee lawmakers continue their scrutiny of The Data Security and Breach Notification Act of 2015 this week as that panel's subcommittee conducts a scheduled markup of the discussion draft on Wednesday.

The subcommittee on commerce, manufacturing and trade examined the bill during a hearing last week. Just prior to that session, CUNA President/CEO Jim Nussle sent letters to subcommittee leadership reminding that there is a "weak link in the payments system that leaves consumers' financial data vulnerable to theft by domestic and international wrongdoers."

"The weak link," Nussle stated, "is the absence of federal data security standards for the merchants that accept payment cards." CUNA advocates that merchants be held to high data protection standards just as credit unions and other financial intuitions are under the Gramm-Leach-Bliley Act.

CUNA is asking the House Financial Services Committee to take a leadership role in the effort to design a legislative response to the problem, and they back legislation with these principles:

  • Strong national data protection and consumer notification standards with effective enforcement provisions must be part of any comprehensive data security regime, applicable to any party with access to important consumer financial information;
  • Banks and credit unions are already subject to robust data protection and notification standards. These Gramm-Leach-Bliley Act requirements must be recognized;
  • Strong federal data protection and notification standards should preempt inconsistent state laws and regulations;
  • In the event of a breach, the public should be informed where it occurred as soon as reasonably possible to allow consumers to protect themselves from fraud. Banks and credit unions, which often have the most direct relationship with affected consumers, should be able to inform their customers and members about the breach, including the entity at which the breach occurred; and
  • As credit unions and banks too often bear a disproportionate burden in covering the costs of breaches occurring beyond their premises, all parties must share in protecting consumers. The costs of a data breach should ultimately be borne by the entity that incurs the breach.