BY STEPHEN TREGLIA
Data security regulations are tightening for financial institutions, putting a heavy burden on credit unions when it comes to compliance. To make matters worse, the fines for non-compliance can overlap among the various regulators. “CU Business” sorts out why protecting sensitive data is more imperative than ever for CUs.
While many high-profile data breaches have occurred in the retail and healthcare industries, the financial services sector is not immune. This year, data breaches have occurred at some of the country’s largest financial institutions, leading to a renewed discussion about the role that regulators should play in holding financial organizations accountable. To complicate the issue, there are multiple governing regulatory bodies.
Many state and federal regulators are stepping up, turning their focus to data security. They are conducting their own examinations and investigations and ultimately levying fines for non-compliance. These actions are not coordinated, and thus financial organizations who are found to be negligent may find themselves subject to multiple fines and lawsuits.
A costly burden for financial institutions
In 2014, there were 42 data breaches in the banking, credit and financial sector, accounting for only 5.6 percent of data breaches overall. But you must also consider that financial institutions are significantly impacted by data breaches that occur in other industries, where they often absorb the costs to re-issue credit cards or apply restrictions when consumers’ financial records are breached. For example, a report from the U.S. Consumer Bankers Association (CBA) indicates that re-issuing cards affected by the Target data breach cost over $172 million, without factoring in the costs of fraud that these financial institutions have to swallow. These costs are borne by the financial services industry, not the organizations where the data breach may have occurred.