As community banks continue to seek fair and equitable regulation, one area in need of greater consistency is how we protect against massive data breaches.
Not a month goes by that we don’t hear about a new retailer breach like the one most recently at photo vendors serving major retailers such as CVS and Costco. Capitol Hill must address our nation’s lopsided system of security standards for payments system participants.
Banks, including community banks, already comply with a bevy of mandates under existing federal and state laws, regulations, and guidance. However, retailers and other parties that process or store consumer financial data are not subject to the same federal data security standards and oversight as financial institutions, which are laid out in the Gramm-Leach-Bliley Act. These standards apply to the smallest church basement credit union and Main Street community bank—but not to multi-billion-dollar retailers.
To effectively guard against cyber threats and data breaches, Congress must ensure all participants in the payments system—including merchants—are required to play by the same set of rules. The Data Security Act of 2015 (H.R. 2205) would help, by establishing a scalable and flexible national data security and notification law in place of the current patchwork of state standards. It also would require any business that maintains sensitive information to protect the confidentiality and security of that information.
While the lightly regulated retail sector wields considerable power in Washington, that doesn’t mean it should be off the hook for the breaches it incurs. Securing data at financial institutions is of limited value if it remains exposed elsewhere. Applying consistent standards to all system participants is crucial to truly protecting the sensitive information transmitted through our payments system. The financial services industry is working with Congress to find ways to better protect consumers—there is still a spot at the table for retailers to join the discussion.
Karen Thomas is Senior Executive Vice President for Government Relations and Public Policy of the Independent Community Bankers of America
Please read our comment policy before commenting.