Financial groups want same data security standards for retailers

Financial groups want retailers and banks to be held to the same standards when data breaches occur. 

The Credit Union National Association sent a letter to Congress on Friday asking for new rules for how retailers must handle customers’ personal data.  

“The financial industry is required by law to develop and maintain robust internal protections to combat and address criminal attacks, and are required to protect consumer financial information and notify consumers when a breach occurs within their systems that will put their customers at risk,” the letter said.  

“The same cannot be said for other industries, like retailers, that routinely handle this same information and increasingly store it for their own purposes.”

Signed by the Financial Services Roundtable, the Consumer Bankers Association and four other financial trade associations, the letter went on to tell Congress to pass legislation that sets standards for how customers are notified and makes retailers, not banks, reimburse customers when data breaches occur at their stores. 

The groups also asked that all entities receiving payments be subject to robust protections like those in the Gramm-Leach-Bliley Act and that banks be allowed to give their customers the details of data breaches.

Federal regulations require financial institutions to protect the security, integrity and confidentiality of consumer information. Failure to comply with these statutory and regulatory requirements can result in fines of up to $1 million a day.