The Consumer Bankers Association (CBA) is urging Congress to enact federal data security and breach notification standards to protect consumers better.
Federal standards would be preferable to the current patchwork of state laws, CBA President and CEO Richard Hunt said in a letter to Senate Commerce Committee Chairman Sens. Roger Wicker (R-MS) and Ranking Member Maria Cantwell (D-WA).
“In light of recent data breaches and abuses, consumers are rightly concerned about the manner in which their personal information is being collected and how this sensitive information is being both shared and protected,” Hunt wrote. “No industry was immune from breaches in 2018 … However, it is important to note that the non-financial business sector, which is not subject to national data security requirements, was responsible for the overwhelming majority (93 percent) of the personal records compromised. Congress should take seriously its authority and enact a federal data security and breach notification standard and preempt the current patchwork of state laws. With the recent breaches that have put millions of consumers at risk, the need to pass legislation to establish such a standard could not be more evident. Protecting consumer information is a shared responsibility of all parties involved.”
The business sector accounts for 46 percent of data breaches, which is the most of any sector, Hunt said. The healthcare/medical industry accounts for 29 percent, while banks, credit unions, and financial institutions accounted for just 11 percent.
“The low breach-rate of personally identifiable information (PII) at financial institutions compared to other sectors can be attributed to the common-sense safeguards required by GLBA (Gramm-Leach-Bliley Act) and the industry’s commitment to security,” Hunt wrote. “Banks are on the front lines consistently monitoring for fraud and working to make consumers whole, no matter where a breach occurs. From operating advanced fraud monitoring systems to reissuing cards, CBA members spend considerable resources on preventing fraud. As a result, consumers rely on their financial institutions to communicate what to do in the event of a breach and to employ defenses to prevent fraud and identity theft.”