SACRAMENTO, Calif. (2/19/14)--Diana Dykstra, president/CEO of the California and Nevada Credit Union Leagues, urged legislators to take action to reduce consumer credit data breaches in testimony during Tuesday's special joint informational hearing of the California Assembly Judiciary and Banking and Finance Committees on personal data.
Citing Credit Union National Association statistics, Dykstra noted the Target credit card data breach has cost the nation's credit unions more than $30 million before fraud costs were taken into account. Also, 4.6 million cards were reissued by credit unions at an average cost of $5.68 per affected card.
California's credit unions have been swarmed by consumer calls about their personal data, requiring the non-profit, member-owned organizations to absorb millions in additional costs, she said.
Dykstra urged the panel to incentivize retailers and third parties they contract with to better protect consumer data with tougher laws.
She referred to stricter laws in other states that shift the liability and levy penalties onto retailers responsible for data breaches--noting there are 46 states with disparate laws enacted to reduce data breaches. Nevada, Washington and Minnesota are among the states that have stricter laws than California.
"Where California has stopped, some other states have kept going to address the inequities and lack of responsibility that currently exists in the system," she noted. "Retailers have no real security standards, no financial responsibility when a breach occurs and no mandate to notify the public and hinder the financial institutions' ability to inform the consumer where the breach occurred. Unfortunately, both state and federal law as it exists today, allows merchants to abandon that responsibility, leaving consumers exposed."
Co-chaired by Assemblymen Roger Dickinson (D-Sacramento) and Robert Wieckowski (D-Fremont), the special joint committee information hearing focused on ways to prevent future personal data breaches. In addition to Dykstra, representatives from the banking industry, consumer groups, retailers, and credit card industries also testified.
On the federal level, the Credit Union National Association has urged the U.S. Congress to take a broad look at how consumer data is secured and the improvements that are necessary to prevent future breaches.
In a statement submitted for a Senate hearing, CUNA President/CEO Bill Cheney wrote, "Data breaches occur, in part, because merchants are not required to adhere to the same statutory data security standards that credit unions and other financial institutions must follow, and merchants are rarely held accountable for the costs others incur as a result of the breaches.
"All participants in the payment process have a shared responsibility to protect consumer data, but the law and the incentive structure today allows merchants to abdicate that responsibility, making consumers vulnerable."