Treasury official pledges to work with CUs to improve breach notices
WASHINGTON — Credit unions could have a role to play in improving data breach notifications.
That was the message from Brian Peretti, director at the office of cybersecurity and critical infrastructure protection at the U.S. Department of Treasury, during a Q&A Monday as part of the National Association of Federally-Insured Credit Unions’ Congressional Caucus. Attendees asked Peretti if the Treasury would look into a type of system that would allow credit unions to send more timely breach notifications to members.
“Let’s work together to solve that problem,” Peretti responded. “That’s exactly the type of problem that we want to work on … you identified a gap that’s out there. The system isn’t working the way you need it to work, [so] how do we work with you to be able to fill that?”
Reputational risk post-data breach continues to be a concern for businesses of all stripes. A whopping 90% of respondents in a recent Experian survey said they were more likely to forgive organizations that promptly send data breach notifications.
But credit unions often take the blame during breaches, even when they are not at fault. Another conference attendee questioned what Treasury is doing to ensure data security nontraditional financial services providers is on par with old school banks and CUs.
“We don’t have an answer today,” Peretti said. “A lot more vendors are in the space than there were in the past, which of course changes that dynamic.”
It’s no secret that data privacy and data security have long been concerns in the credit union industry. National Credit Union Administration Chairman Rodney Hood recently said cybersecurity concerns keep him up at night, and his colleague on the board, Mark McWatters, went before Congress last fall to reiterate the regulator’s long-standing requests for third-party vendor oversight in wake of rising cybersecurity concerns.
But the way to tackle this issue is to maintain engagement, Peretti advised, emphasizing the need for feedback from organizations.
Still, a data security bill isn’t likely to be seen for a while. Brad Thaler, NAFCU’s VP of legislative affairs, shared during a panel discussion that the bills mostly likely to be successful in the current Congress include bipartisan-supported proposals geared toward marijuana banking and AML/BSA compliance – none of which tackle data security issues.