Banks and credit unions don’t often find common ground, but seven trade associations from across the financial services industry have joined together to demand stricter cybersecurity standards to protect against future data breaches.
With tax reform finished, financial groups want lawmakers to focus on ensuring that all entities, particularly merchants, safely handle private consumer data.
In a letter this week to U.S. Reps. Greg Walden, R-Ore., and Bob Latta, R-Ohio, who chair the House Committee on Energy and Commerce and the Subcommittee on Digital Commerce and Consumer Protection, the groups called on legislators to enact stronger national data security standards and breach-notification requirements. The letter, in response to a Dec. 8 request for comment on data breach legislation, was signed by the Credit Union National Association, National Association of Federally-Insured Credit Unions, American Bankers Association, Consumer Bankers Association, Independent Community Bankers of America, Financial Services Roundtable and the Clearing House.
“Stopping breaches is critical for consumers, and also important to our members who often have the closest relationships with those affected,” the trades wrote. “Data breaches impose significant costs on financial institutions of all sizes because our first priority is to protect consumers and ensure that they have no liability for fraud that typically follows a breach. Our members provide relief to victims of breaches, regardless of where the breach occurs.”
The letter cites the financial industry’s unanimous support of the Data Security Act (HR 2205) during the last Congress and outlines three goals for future data security legislation:
- Ensure that all entities are required to protect sensitive personal and financial data.
- Require timely notification of consumers and impacted parties that are at risk in the event of a breach.
- Ensure compliance through appropriate state and federal oversight, recognizing existing federal obligations for the financial industry to both secure data and notify consumers of a breach, and eliminate overlapping and inconsistent laws and regulations.
“Any legislation enacted into law must ensure that all entities that handle consumers’ sensitive financial data have in place a robust — yet flexible and scalable — process to protect data, which must be coupled with effective oversight and enforcement procedures to ensure accountability and compliance,” the trades wrote. “This is an important step to limit the onslaught of breaches and reduce risks to consumers and the significant costs imposed on our members from breaches. This standard should apply to all entities that handle sensitive personal and financial data in order to provide meaningful and consistent protection for consumers nationwide.”