Our state had the honor of providing the single witness from a financial institution who testified on behalf of the Credit Union National Association (CUNA) at a Congressional subcommittee hearing that explored the problem of data breaches, as well as what to do about it. And just days afterward, draft legislation containing principles cited in her testimony was introduced to address the problem.
Kim Sponem, (right), President & CEO of Summit Credit Union testified in Washington, D.C. on behalf of CUNA. She addressed the House Financial Services Subcommittee on Financial Institutions and Consumer Credit at a hearing entitled "Examining the Current Data Security and Breach Notification Regulatory Regime."
As part of her testimony, Kim explained that:
- credit union members endure lengthy inconvenience and anxiety once their personal information has been compromised, and can face steep costs to enact corrective measures
- financial institutions foot the bill when companies fail to secure personal data
- breaches cost Summit Credit Union over $1 million in 2017 alone
- credit unions' costs comes at the expense of all credit union members, who are equal owners of the member-owned cooperatives. These costs include replacing cards, monitoring accounts, assisting members and absorbing fraud-related losses
- there is no incentive for companies holding personal information to protect it, but that they should either not store personal data or be held to a national standard
- communicating a breach in a timely manner is essential; it allows consumers and financial institutions the ability to reduce possible losses with early detection and awareness
- legislation should set a national standard for all companies holding personal information, require them to communicate breaches in a timely manner and hold negligent companies responsible to bear the costs.
She also answered questions about the timeline for notifications, annual costs to her credit union, merchants' role in breaches, and the steps her credit union takes to secure member data.
Credit unions have long advocated to hold merchants, and others who handle sensitive consumer information, accountable to the same standards credit unions and financial institutions adhere to under the Gramm-Leach Bliley Act. Wisconsin credit unions, through their League, have pursued data security legislation and litigation, including lawsuits against and Home Depot and Equifax.
The costs of data breaches are passed on to all credit union members, who are equal owners of the member-owned cooperatives.
Wisconsin credit unions come together as a single League to Unite for Good; we remove barriers, increase awareness and foster service excellence. All of these steps help more Americans to see credit unions as their best financial partner and regard their credit union as their primary financial institution. Read more articles in our Unite for Good series.