MCUL Letter to CFPB: Retailers Should Be Regulated to Protect Consumers’ Private Financial Information (Misc News: February 7, 2014)
MCUL & Affiliates has sent a letter to the CFPB urging the agency to begin regulating retailers in the wake of the Target stores data breach, as well as other recent data breaches at other retailers, that have caused extensive harm to consumers by not implementing proper security protocols and protecting consumers’ sensitive personal and financial information.
MCUL & Affiliates CEO David Adams said the Dodd Frank Act gives the CFPB authority to regulate retailers because this breach has caused substantial injury to consumers.
“MCUL strongly urges the CFPB to engage in supervision of retailers that pointedly fail to take proper steps to protect consumers and their private information in the course of offering and providing consumer financial services,” Adams wrote in the letter. “Consumers would certainly benefit from the regulation of a retail industry that, at the moment, relies on largely self-policing standards that are inadequate to the point of consumer deception.
“MCUL believes that the Dodd-Frank Act’s provisions regarding supervision of nonbank covered persons that engage in behavior that poses risks to consumers in this area provides clear authority for this supervision.”
The letter goes on to say that the Durbin amendment to Dodd-Frank has shifted billions of dollars of interchange income from financial institutions to retailers with no discernable consumer benefit. However, financial institutions still bear most of the risk regarding potential fraud losses.
“This liability dynamic represents an arbitrary windfall that does nothing to encourage real reform or consumer protection, and cuts at financial institutions particularly hard – lost revenue, and lost wherewithal to pay for the sins of the retail community,” Adams said. “It is time to bring shared accountability back into the equation for data breach liability.”
Target Brands announced in December that between Nov. 27 and Dec. 15 – during the busy holiday shopping season – that debit and credit card information of about 40 million consumers had been compromised, a number that has grown to 70 million since. In addition, Neiman-Marcus announced a data breach to its system and Michael’s said that its system may have also experienced a data breach.
Click here to read the full letter.