The views expressed by contributors are their own and not the view of The Hill

Sitting ducks no longer: It’s past time to protect our data


In today’s world, it is nearly impossible to keep your personal information personal. When it comes to financial data, consumers are increasingly exposed and run the risk of their personal information getting into the wrong hands with each use of a credit or debit card.

Since data breaches are falling into the category of everyday news, we need to work toward implementing a national data security standard. Consumers deserve to be protected, and our nation’s credit unions — those that serve the financial needs of these consumers — are asking for help from every entity that collects and stores personal financial information. 

{mosads}As of late October, there have been 1,120 recorded data breaches so far this year, according to the Identity Theft Resource Center. For comparison, in all of 2016, there were 1,091 data breaches. 

 

In just the past few months alone, we’ve seen 145 million consumers’ information compromised in the Equifax data breach. This is in addition to the countless other consumers who have had their personal financial data exposed by restaurant and hotel chain breaches. 

While there is no one easy solution to the growing number of data breaches, there are options available that could greatly diminish their frequency. One is to impose accountability; if a data breach occurs, the impacted entity should own the responsibility to make it right. 

This is the message Debra Schwartz, National Association of Federally-Insured Credit Unions (NAFCU) Board treasurer and president and CEO of Mission Federal Credit Union (San Diego, Calif.), gave to a House Financial Services subcommittee Wednesday during a hearing.

Policymakers know that better data protection is essential for effective consumer protection, but this issue goes beyond protecting consumers. Whenever any entity is breached, credit unions and other financial institutions are on the hook for the costs of replacing payment cards and making consumers whole again. 

While credit unions will always do what it takes to serve their members, these costs arise frequently, and they are significant — especially for smaller financial institutions.

This June, a NAFCU survey of its members found that data breaches continue to be costly to the industry. Survey respondents noted that they were alerted about a possible breach to their member’s financial data an average of 189 times in 2016 — an increase over the amount of 2015 alerts for most respondents.

Respondents also estimated that merchant data breaches in 2016 alone cost each credit union approximately $362,000 in direct and indirect costs, including expenses related to monitoring, reissuance, fraud investigation or losses and insurance.

In light of the devastation data breaches cause to consumers and financial institutions, NAFCU and the credit union members we represent across the nation urge Congress to hold all entities to the same federal data standards that financial institutions follow under the Gramm-Leach-Bliley Act.

In addition, they emphasize that any comprehensive data security legislation would:

Work on data and cybersecurity is ongoing, and hopefully, measures will be passed by Congress to ensure a level playing field for all those who hold onto consumers’ personal data. Credit unions’ priority has always been and will continue to be the well-being of their 110 million member-owners.

Data breaches show no sign of slowing down. It is incumbent on us to take the necessary steps to protect consumers with a national data security standard.

B. Dan Berger is president and CEO of the National Association of Federally-Insured Credit Unions.