BIRMINGHAM, Ala. (4/2/09)--The Alabama Credit Union League (ACUL) introduced a bill in the Alabama legislature to protect consumers’ financial data. Senate Bill 545 is sponsored by State Sen. Roger Bedford (D-6), and House Bill 797 is sponsored by State Rep. Tammy Irons (D-1). The legislation, originally introduced in the 2008 session, generated significant discussion in the legislature, said the league. “We knew going into this that legislation of this magnitude takes multiple sessions to pass,” said Gary B. Wolter, ACUL CEO. “However, with new breaches still occurring, such as the Heartland [Payment Systems] breach, it is imperative that we keep pushing this important piece of legislation, gaining momentum and traction in the legislative process. Credit unions and their members appreciate the hard work of Sen. Bedford and Rep. Irons for their dedication to this important bill.” The bill contains three major provisions to address the growing problem of sensitive financial information being compromised. It:
* Requires that entities experiencing a data breach must notify consumers. Alabama is among a shrinking number of states that has no notification requirement, leaving financial institutions and consumers with inadequate information to protect accounts after a breach, ACUL said. * Prohibits the retention of sensitive consumer financial data, such as the content of a magnetic stripe on a plastic card, a personal identification number, or a card validation code. The requirement follows the existing standards from the Payment Card Industry Data Security Standard. * Requires any entity that experiences a breach and that has held such prohibited data reimburse the issuing financial institution for the cost of reissuing cards and /or take appropriate steps to protect accounts at risk.
“This legislation will help ensure that anyone who uses this most sensitive account information must be as careful with it as are credit unions,” Wolter said. “Essentially, the bill protects consumers and ensures a fair environment for everyone because when someone other than the consumer’s financial institution stores all the keys to a person’s account, it creates problems. It is not a question of if there will be a serious breach, only when it will be and how bad will it be.”