Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Joint Letter from FIs Tells House and Senate: Act on Merchant Data Security Standards
Friday, November 14, 2014 6:40 AM

In conjunction with six financial service organizations, Credit Union National Association President/CEO Jim Nussle sent a letter to U.S. Senate and House leadership Wednesday emphasizing that now is the time for retailers to take responsibility for their data breaches and adopt the same data standards as financial institutions.

The letter is addressed to Senate Majority and Minority Leaders Harry Reid (D-NV) and Mitch McConnell (R-KY), as well as Speaker of the House John Boehner (R-OH) and House Minority Leader Nancy Pelosi (D-CA). It was sent to the legislators just as they were returning to Washington, D.C., after the mid-term election District Work Session.

Merchants must stop putting consumers and their confidential personal financial information in the hands of criminals, the letter said. This follows the Nov. 6 letter from retailers saying that legislation addressing the threat of data breaches must "cover all of the types of entities that handle sensitive information." The CUNA letter rebutted the retailers' missive.

The letter reads, "While merchants and financial institutions are both the targets of these attacks, a key difference is that financial institutions have developed and maintain robust internal protections to combat criminal attacks and are required by federal law and regulation to protect this information and notify consumers when a breach occurs that will put them at risk. In contrast, retailers are not covered by any federal laws or regulations that require them to protect the data and notify consumers when it is breached."

The financial services groups' letter goes on to cite various provisions in the Gramm-Leach-Bliley Act that lay out federal requirements for protecting information and notifying customers in the event of a breach, as well as allowing federal oversight, examination, and even sanctions if deemed necessary.

"In short, an extensive regulatory oversight, examination, and enforcement regime ensures that financial institutions provide robust protections for personal financial information for the American public," the letter reads. "In contrast, no similar internal safeguard regime and regulatory oversight exists with respect to retailers and others, and ironically, certain retail trade groups have been vigorously opposing legislation in both the House and Senate that would bring this about."

This week, the U.S. Postal Service joined the ranks of Target, Home Depot, Michaels, Neiman Marcus, Jimmy Johns, Staples, Dairy Queen and others that had customer data breached by hackers. According to The Wall Street Journal, the USPS breach could have compromised the information of more than 800,000 people.

Rep. Elijah Cummings (D-MD), ranking member of House Oversight Committee, has asked CEOs of Home Depot, Target, and others for briefings on data breaches at their companies (Bloomberg Nov. 12).