News Feed

Congress Addresses Data Security, Retailer Responsibility, in Wake of Target Breach

Mon, Feb 3, 2014

Washington, District Of Columbia

Data security, and the matter of how to protect confidential financial information in an increasingly tech-dependent marketplace, have been thrust onto center stage on Capitol Hill in the wake of the Target and Neiman-Marcus data breaches. 

Congress is now considering now fewer than four separate bills to address different aspects of the issue, with more no doubt on the way as lawmakers attempts to respond to the complex and rapidly evolving situation.

The Maryland/DC Credit Union Association proactively reached out to our Congressional delegation, as League President John Bratsakis personally delivered a letter to our federal lawmakers urging support for legislation that would create a national standard for protecting consumer financial information, and require retailers to improve their safeguards.  Currently credit  unions and other financial institutions are subject to stringent data protection and consumer notification requirements under the Gramm-Leach-Bliley Act; merchants are not, creating a gap in the legal and regulatory rules governing protection and use of financial information.

"Consumers are the key," noted a senior House Financial Services Committee aide. "If focus is kept on the impact of data theft on consumers, financial institutions can expect to get help from Congress.  If the merchants make this into a repeat of the interchange fight, industry vs. industry, you are going to have a tough go." 

The National Retail Federation is apparently attempting to create the perception of an industry turf war.  In a January letter to Congress, NRF blamed financial institutions and card issues for the breaches, saying technological updates are resisted by credit unions, banks and Visa/Mastercard.  NRF also clouds the issue by calling for a "uniform notification standard" while avoiding any discussion of shared financial responsibility. 

Early February will feature hearings on data security in the Senate Banking and Senate Judiciary Committees, as well as in a House Energy and Commerce Subcommittee.  Congressman John Sarbanes sits on this Subcommittee, and will hear from a senior Target official about their actions in the matter.

John J. McKechnie, III
Partner, Total Spectrum