SOUTH BURLINGTON, Vt. (2/10/14)--Joe Bergeron, president of the Association of Vermont Credit Unions, Friday testified before the State Senate Economic Development, Housing and General Affairs Committee in support of legislation to strengthen merchant data security breach standards.
Similar legislation was introduced in the Vermont House last year, at which time Bergeron also testified (
In both instances, Bergeron testified that under federal and state laws credit unions already abide by the kinds of standards and notification requirements being proposed for other types of businesses.
In Florida, a bill was filed in the state House of Representatives' House Civil Justice Subcommittee that addresses similar data security issues. The bill would require corporations, and governmental entities that do business in Florida and collect personal information to provide notice to the Attorney General's office and any persons affected in the event of a breach. Notification would be required within 30 days of the breach's discovery unless a delay is ordered by a state or federal law enforcement agency investigating the breach.
The League of Southeastern Credit Unions' government advocacy team will meet with committee members to discuss the bill, which does not require merchants to cover costs of a loss in breaches where they did not appropriately protect the information.
On the Federal level, U.S. Sen. Patrick Leahy (D-Vt.), chair of the Senate Judiciary Committee, last week chaired a hearing on preventing data breaches and combating cybercrime.
"American consumers deserve to know when their private information has been compromised and what a business is doing in response to a cyber-attack" said Leahy during the hearing. "After an attack, time is of the essence for law enforcement seeking to catch the perpetrator, and also for consumers who want to protect themselves against further exposure."
In a letter to Leahy and Chuck Grassley (R-Iowa), the ranking member on the Senate Judiciary Committee, the Credit Union National Association called on Capitol Hill lawmakers to ensure consumers know where their information was breached. CUNA has also urged lawmakers to require that all participants in the payments system network are held to comparable levels of data security requirements, and that those responsible for a data breach be responsible for the costs of helping consumers.