CBA Calls for National Data Security, Breach Notification Standards

May 1, 2019
Nick Simpson

 

Notes banks’ commitment to consumer privacy, low rate of bank data breaches

 

“Banks are on the front lines consistently monitoring for fraud and working to make consumers whole, no matter where a breach occurs … As a result, consumers rely on their financial institutions to communicate what to do in the event of a breach and to employ defenses to prevent fraud and identity theft.”

 

WASHINGTON – Consumer Bankers Association President and CEO Richard Hunt today reiterated, in a letter to Senate Commerce Committee Chairman Roger Wicker (R-Miss.) and Ranking Member Maria Cantwell (D-Wash.), CBA’s support for Congress enacting federal data security and breach notification standards, which would protect consumers better than the current patchwork of state laws. Without a federal standard preempting state laws, consumer protections will depend on where the individual resides.

 

The letter also discusses ways to prioritize the protection and privacy of consumer data while promoting consumer access to credit.

 

“In light of recent data breaches and abuses, consumers are rightly concerned about the manner in which their personal information is being collected and how this sensitive information is being both shared and protected,” Hunt wrote. “No industry was immune from breaches in 2018 … However, it is important to note that the non-financial business sector, which is not subject to national data security requirements, was responsible for the overwhelming majority (93 percent) of the personal records compromised.

 

“Congress should take seriously its authority and enact a federal data security and breach notification standard and preempt the current patchwork of state laws. With the recent breaches that have put millions of consumers at risk, the need to pass legislation to establish such a standard could not be more evident. Protecting consumer information is a shared responsibility of all parties involved.”

 

A full copy of the letter is available here.

 

The business sector accounts for the most data breaches with 46 percent followed by the healthcare/medical industry at 29 percent, according to the Identity Theft Resource Center. Comparatively, banks, credit unions and other Gramm-Leach-Bliley Act (GLBA) covered financial institutions accounted for just 11 percent.

 

Hunt noted, “The low breach-rate of personally identifiable information (PII) at financial institutions compared to other sectors can be attributed to the common-sense safeguards required by GLBA and the industry’s commitment to security … Banks are on the front lines consistently monitoring for fraud and working to make consumers whole, no matter where a breach occurs. From operating advanced fraud monitoring systems to reissuing cards, CBA members spend considerable resources on preventing fraud. As a result, consumers rely on their financial institutions to communicate what to do in the event of a breach and to employ defenses to prevent fraud and identity theft.”

 

CBA points out banks are required to collect PII for compliance with federal regulations, like the Bank Secrecy Act, so any federal standard should take into account different business practices and requirements. Banks also use consumer data to help meet a customer’s financial needs and conduct customer-approved transactions. The use of this data, for example, is far different than social media platforms selling consumer data to marketing firms.

 

###

 

About the Consumer Bankers Association:

The Consumer Bankers Association represents America’s leading retail banks. We promote policies to create a stronger industry and economy. Established in 1919, CBA’s corporate member institutions account for 1.7 million jobs in America, extend roughly $4 trillion in consumer loans and provide $275 billion in small business loans annually. Follow us on Twitter @consumerbankers.