|Data Security in the Modern World
WASHINGTON – The Subcommittee on Financial Institutions and Consumer Credit held a hearing today to examine the current data security and breach notification regulatory regime, and identify potential opportunities to reform the current framework in order to reduce vulnerabilities and shortcomings in the system and better protect consumers.
As reliance on technology increases, so do data breaches and increased risk to consumers and businesses in all sectors of the economy. Due in part to a patchwork of conflicting state laws, data security and breach notification standards have long been a subject of considerable debate.
“Every year, the number and severity of data breaches seems to increase, and more Americans seem to become victims of fraud and identity theft,” said Subcommittee Chairman Blaine Luetkemeyer (R-MO). “Consumers are left not only facing financial harm but also the daunting task of restoring the integrity of their personal information. Today’s hearing was a good opportunity to hear from a diverse group of witnesses on opportunities to reform the current federal and state data security regulatory regimes in order to reduce vulnerabilities and shortcomings in the system.”
- The increasing frequency and sophistication of cyberattacks demands heightened vigilance and enhanced efforts by the industry participants to safeguard consumers’ financial data.
- Protecting information and systems from major cyber threats – such as cyber theft, cyber terrorism, cyber warfare, and cyber espionage – should be a priority for Congress.
Topline Quotes from Witnesses
“As cybersecurity threats grow increasingly dangerous, it is critical that we establish rational, collaborative approaches to protecting the interests of affected stakeholders to include individual consumers. A uniform federal data breach standard will decrease uncertainty and facilitate rapid and robust responses to significant security incidents; federal guidance on data security will drive stronger security measures across the Internet ecosystem.” -- Aaron Cooper, Vice President, Global Policy, BSA – The Software Alliance
“Summit Credit Union is no different than any other financial institution when it comes to the impact it suffers when a data breach occurs. According to the Identity Theft Resource Center, the number of U.S. data breach incidents tracked in 2017 hit a new record high of 1,579 breaches, which is an increase of 44.7 percent over 2016’s record high. An annual fraud and risk survey from Kroll’s found that in 2017, data theft has surpassed the theft of physical assets. Without enhanced data security protections for all entities involved in the payments process we are likely to see no slowdown in data breaches in the following years.” -- Kim Sponem, Chief Executive Officer and President, Summit Credit Union, on behalf of the Credit Union National Association
“…[a] single, nationwide standard for data security and breach notification would be good for both American consumers and businesses. American consumers would benefit by receiving the same protections for sensitive personal information about them regardless of where they may live. American businesses would benefit from a single standard that can be applied consistently to protect sensitive personal information and to respond to the unfortunate, but inevitable, security incidents. This is a national issue, and I believe that the time is now for Congress to act.” -- Nathan D. Taylor, Partner, Morrison & Foerster LLP
“…[cyber] attacks are emblematic of the fact that U.S. companies and the U.S. government have been and remain vulnerable to attacks, many of which are by actors linked to nation‐states that are adversaries of the United States. Nor are they isolated incidents. As the most recent annual Verizon Data Breach Investigations Report notes, 2016 (the last year for which data is available) saw more than 40,000 incidents and almost 2,000 confirmed breaches. So make no mistake, cyber threats are real, and recent experience has shown that neither the private nor public sectors are fully equipped to cope with them.” -- Paul Rosenzweig, Senior Fellow, R Street Institute