Senate Begins Data Breach Legislation Hearings
Today, the Senate Committee on Banking and Financial Institutions held a hearing to discuss data breach legislation. This is the first hearing on the topic, with additional hearings expected to be held this month.
SB 632 provides the framework for a Cyber Security Council, which would comprise members of the retail, financial and business sectors to help create comprehensive data security standards for the State of Michigan.
SB 633 would require notification by retailers who incur a breach within three days of discovering a breach has occurred. The legislation would create the ability for civil action if the notification is not provided within the requisite statutory time period.
In the absence of federal action, the Michigan Credit Union League (MCUL) has led the effort to develop a Michigan solution, working with Senator Darwin Booher (sponsor of SB 632-633), the Michigan Bankers Association and the Community Bankers Association of Michigan.
Christian Financial Credit Union President/CEO Patty Campbell testified at the hearing, speaking on behalf of Michigan credit unions, “We believe the key to success in reducing financial losses and disruption to consumers when a breach occurs is for businesses and financial institutions to work together quickly to mitigate the losses through quick actions to reduce the ability for criminals to use this sensitive information.”
American 1 Credit Union President/CEO Martha Fuerstenau also testified about their experience with the high losses associated with the Wendy’s breach, which was under the radar screen for months, ultimately causing millions in losses to credit unions. “Early notification can mitigate financial losses that we are burdened with because of a breach, and early notification can lessen the reputation risk to the card issuers, who are usually perceived as the weak link in the chain of payment processing by the consumer,” said Fuerstenau.
In the past few years, large data breaches at Wendy’s, Arby’s, Home Depot, Target and Equifax have caused Michigan credit unions preventable fraud losses, significant loss of staff time and damage to reputations in their communities. For instance, the Home Depot and Target breaches cost Michigan credit unions an estimated $4.4 million. On top of bottom lines, credit unions also worry that with each security lapse, they take on additional reputational risk. These risks are often made worse by merchants’ negligence to notify financial institutions that a breach has occurred.
Separately, MCUL has joined data breach lawsuits against many of these retailers and agencies in order to increase security standards that would protect credit unions against future security lapses.
“MCUL’s efforts have contributed to positive outcomes, including settlement with both Home Depot and Target, but longer-term real solutions will only be possible when merchants work together with financial institutions to raise data security standards in order to better protect Michigan consumers from cyber crooks,” said MCUL President/COO Ken Ross. “We applaud Chairman Booher for starting the discussion and look forward to working toward reasonable solutions that meet the needs of both commerce and banking, for the mutual benefit of consumers.”
You can make your voice heard by submitting your name to a card of support. To do so, or for any more information, contact MCUL State Legislative Coordinator Haleigh Krombeen via email or at 800-262-6285 ext. 459.Go to main navigation