There is a lot happening lately in the financial sector to help stem the tide of constant data breaches. This week a financial industry coalition in the US is promoting a campaign called “Stop The Data Breaches” to encourage people to get their members of congress to pass The Data Security Act of 2015 (H.R. 2205 and S. 961).
The effort is backed by seven trade groups, including the American Bankers Association, the Consumer Bankers Association, the Credit Union National Association and the National Association of Federal Credit Unions (NAFCU). By running online and print ads, they are trying to get Congress to enact this important legislation that would protect consumer data.
A few weeks ago, on May 12, 2016, the Federal Deposit Insurance Corporation (FDIC) was in front of a Congressional Subcommittee to answer if Americans can trust the FDIC to protect their private banking information. One of the interesting outcomes was the FDIC announcing a new cyber security initiative after 5 more breaches. Part of this initiative is the implementation of Digital Rights Management technology to locate, recall and/or render data useless when appropriate. This new development should have a major impact on the financial sector who will follow suit if they have not implemented this type of data-centric and people-centric security approach already.
According to a National Association of Federal Credit Unions (NAFCU) survey, the average cost of a merchant data breach in 2014 was near a quarter of a million dollars, while some breach costs reached tens of millions. Passing the pending federal legislation will help improve the security posture of financial institutions and any organization that handles personally identifiable and financial information. It requires any entity that handles sensitive personal and financial data to protect that data. It builds upon existing legislation and replaces the current patchwork of inconsistent state data security and breach notification laws with a clearly defined, uniform set of standards.
Consumer data remains vulnerable. Security should not be an afterthought. Rather than pointing fingers at who is responsible for consumer data security, everyone should protect consumer data. Below is a short list of 3 key steps you may want to use as your Security Blueprint for your data:
• Find your sensitive data and classify it.
• Implement usage policies to limit who can access it and what they can do with it.
• Monitor usage to detect unusual behavior.
This is a good start to help Stop the Data Breaches. Call, write, email or text your legislator today to get them to pass The Data Security Act of 2015.
