BreachExchange mailing list archives

Retailers, Bankers Testify on Data Breaches


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 6 Feb 2015 11:43:59 -0700

http://www.cutimes.com/2015/02/05/retailers-bankers-testify-on-data-breaches

A representative from the National Retail Federation told Congress on
Thursday companies would improve their data security if Congress required
them to meet uniform notification standards in the event of a data breach.

“Congress needs to provide incentives for companies to increase their
security and nothing motivates like sunlight, requiring that every company
have the same public notice obligations will provide this needed light,”
Mallory Duncan, senior vice president and general counsel of the National
Retail Federation, said at a Senate Commerce Subcommittee hearing.

Mallory said requiring all entities that handle sensitive information to
expose any data breaches would be a powerful incentive for them to enhance
their internal data security. Uniform notice can also help individuals take
the necessary steps to protect themselves, he added.

“Congress should not permit notice holes – situations where certain
entities are exempt from reporting known breaches of their own systems. If
we want to have meaningful incentives to increase security, everyone needs
to have skin in the game,” he said.

Doug Johnson, senior vice president and senior advisor for risk management
policy at the American Bankers Association, said security breaches have not
stopped most consumers from using their credit and debit cards.

“No security breach seems to stop the $3 trillion that Americans spend
safely and securely each year with their credit and debit cards. And with
good reason: Customers can use these cards confidently because their banks
protect them from losses by investing in technology to detect and prevent
fraud, reissuing cards and absorbing fraud costs,” he said in his prepared
remarks.

Johnson agreed that a national standard for data security and breach
notification is necessary. He said consumers have a right to swift,
accurate, and effective notification of such breaches.

“They also have a right to trust that, wherever they transact business
electronically, the business is doing everything it can to prevent that
breach from occurring in the first place,” he said.

“We believe the extensive breach reporting requirements currently in place
for banks provide an effective basis for any national reporting requirement
for businesses generally,” he told the committee.

CUNA, NAFCU, the ABA and other trade associations wrote a letter to the
subcommittee in advance of the hearing calling for legislation that holds
breached entities accountable for costs of the incident and ensures
consumers are notified of breaches.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/