With more information about the scope and severity of the Equifax data breach leaking out almost on a daily basis, Gov. Andrew Cuomo of New York proposed regulations that would subject credit reporting agencies to the state’s cybersecurity rules.
William J. Mellin, president/CEO of the New York Credit Union Association, issued the following statement:
The Equifax data breach and their bungled response yet again underscore the need for a robust cybersecurity framework at the federal level. The bottom line is, what we’re doing now from a cybersecurity standpoint is just not working.
Far too often we are seeing the same reaction from organizations that have failed to adequately protect consumers’ data: a press release that’s light on details released long after the breach was discovered; a year of free credit monitoring; and an apology and a commitment to do better.
That’s no longer enough.
While New York state should be applauded for imposing common sense requirements on credit reporting agencies, what is ultimately needed are uniform standards imposed on all businesses that maintain confidential information, and legal ramifications for those entities that don’t live up to their end of the bargain.
Meanwhile, credit unions and the millions of consumers they serve—who played no role in having their personal information compromised—are bearing the real brunt of these data breaches. Consumers and credit unions alike need a course of action to recover costs associated with these types of cybersecurity incidents, which are alarmingly becoming more and more severe.
New York’s credit unions favor strong uniform standards, coupled with a legal framework that truly holds companies responsible when they fail to safeguard the personal and financial information of consumers. Every business and entity that collects or stores this type of information should be subject to the same strict standards. And if Congress cannot act unilaterally to solve the gaping holes in our nation’s cyber-infrastructure, then the state of New York should.