Archive Links

Consumer Archive
CU System Archive
Market Archive
Products Archive
Washington Archive

News Now

CU System
Washington state CUs introduce data breach bill
FEDERAL WAY, Wash. (1/27/09)--In the wake of the Heartland Payment Systems data breach announced last week, Washington state's credit unions once again have introduced legislation to encourage financial institutions to take "extraordinary proactive steps" to protect consumers from identity theft and financial fraud after a breach.
Click to view larger image Washington State Rep. Brendan Williams, the prime sponsor of the Washington Credit Union League's data breach bill HB 1149, introduces the proposed legislation to the state House Financial Institutions and Insurance Committee. (Photo provided by the Washington Credit Union League
Receiving its first hearing before the Full House Financial Institutions and Insurance Committee hearing Thursday, HB 1149 is sponsored by State Reps. Brendan Williams (D-22), Dan Raoch (R-31), Geoff Simpson (D-47), Steve Kirby (D-29), Hans Dunshee (D-44), Sharon Nelson (D-34) and Timm Ormsby (D-33). Like a similar proposal last year, the bill would allow credit unions and other financial institutions to sue negligent data breachers for the cost of aggressively protecting Washingtonians' personal and private information. Some of the state's financial institutions have reported that more than half their card base is affected by the breach of Princeton, N.J.-based Heartland Payment Systems, a company that completes about 100 million transactions per month for more than 250,000 merchants. According to the Washington Credit Union League, most credit union leaders believe that the breach's effect during the initial days is just the tip of the iceberg, and they've begun to notify members, block accounts, reissue cards and numbers, and provide ongoing fraud monitoring--standard operating procedures after a breach. "The state's credit union community is appalled, but unfortunately not very shocked by the immense size of the Heartland data breach," said league President/CEO John Annaloro. "In far too many cases, negligent data breachers do business as if they were immunized from liability when they fail to protect their customers' personal information. In our view, if someone's careless actions result in a financial loss to others, they should have to pay it." Taking aggressive steps to protect members from financial fraud and identity theft is becoming cost prohibitive, the league said, because the frequency and size of data breaches is skyrocketing. A financial institution pays roughly $20 per card, depending on the extent of the action taken. The total doesn't include costs associated with staff time, which can be as much as 30 minutes per card, or the negative impact a breach has on a financial institution's reputation. "While there are processes that are supposed to provide some reimbursement for fraud losses, the truth is that these processes only recoup pennies on the dollar," said Stacy Augustine, league senior vice president in charge of government relations. "More important, the costs that are recouped don't pay anything toward costs associated with a financial institution's proactive steps to protect consumers from fraud and identity theft," she said. Rep. Williams, the bill's prime sponsor, stated in a letter to colleagues last year that financial institutions--as opposed to negligent actors who breach their customers' security--end up footing the bill after a data breach is reported. He noted there should be some sanction for gross negligence that compromises credit and debit card information. Last year's bill died when it didn't come out of committee. It was opposed by a number of industries, including the Washington Bankers Association and the Community Bankers Association of Washington. "Credit unions hope that our for-profit banker counterparts will take a pro-consumer position on this new legislation," said Annaloro. "I have no doubt that had this consumer protection legislation made it to a vote on the floor of the Senate, the state's financial institutions would be aggressively and proactively protecting all of our state's consumers from financial fraud and identity theft in the wake of the Heartland data breach."


RSS





print
News Now LiveWire
Registration lottery for #CreditUnion #CherryBlossom Ten Mile Run opens Monday, Dec. 1 http://t.co/AGkKPof5Fy. Race is April 12
12 hours ago
The turkey hasn't even been served and #creditunions are already making plans for #GivingTuesday
14 hours ago
.@bankofamerica's $16.65 billion 'toxic mortgage' settlement finalized http://t.co/BIq1QyImXG
15 hours ago
RT @CUNA: #NussleReport: ICYMI: Revised RBC proposal in January w/a 90-day comment period #Fix RBC http://t.co/T4JcvWBDse
17 hours ago
.@TheNCUA release on Nov. prohibition orders out already. Here: http://t.co/YkA1QIYbYa
17 hours ago