Go to:

July 2018
< Jun Aug >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Texas House Committee Hears Data Security Bill
Tuesday, April 25, 2017 6:55 AM

HB 2333 by Rep. Gary Elkins (R-Houston) received a hearing in the House Business and Industry Committee on Monday. Elkins told the committee that many retailers are not using the Payment Card Industry Data Security Standard (PCI DSS), which would protect consumers’ data. The Intercontinental Hotels Group recently admitted that the breach they reported in February of 2017, originally listed as affecting 12 properties, actually affected 1200 properties. Their properties that had PCI DSS enabled equipment were not breached.

Ron Fox, CEO of Fort Worth City Credit Union, testified on behalf of his credit union and the Texas Credit Union Association in support of HB 2333. The Texas Credit Union Association has been working with Elkins on the bill. Fox told the committee that the Landry’s Restaurant Group’s breach cost his credit union $190,000, a very high cost for a financial institution of his size ($180 million). In addition, his credit union’s reputation suffered. It was also pointed out to the committee that data breaches are one of the primary threats to credit unions and banks.

Elkins addressed committee member concerns about unfairly punishing merchants that are trying to protect consumer data. He offered to work with committee members on an amendment that would protect the merchant from liability if they adhere to the PCI DSS and are hacked.

Elkins’ substitute bill will require notice of a breach by a business when credit and debit card information is compromised to the attorney general and to financial institutions whose card info is lost. It includes a duty of the merchant to protect card data if they keep it, and the attorney general can bring an action against a business that fails to do so. If damages are awarded, a credit union could request reimbursement for reissuance costs and fraud losses they incurred as a result of the breach.

The Office of the Attorney General estimated that it would need to hire 183 fulltime employees, at a cost of $10 million, to address the expected number cybersecurity breach reports.

“We appreciate the work of Attorney General Paxton and his staff working with Rep. Elkins to develop a reasoned approach to protect Texans' credit and debit card information and combating the resulting fraud that occurs when merchants fail to protect sensitive card information,” said Jeff Huffman, Texas Credit Union Association president. “Rep. Elkins articulates the problems and risks associated with not protecting credit and debit card information extremely well. He is correct on the need for the Legislature to address this weakness in the payment card system.”

The bill was left pending.

For more information, please contact Texas Credit Union Association President Jeff Huffman at 469-385-6488 or