Credit Unions Are Leading the Data Security Charge
Without data security, even the most robust data privacy structure is simply erased.
The rate and severity of these breaches – and their associated costs – seems to climb every year. Since 2005, over 1.5 billion records have been exposed through nearly 10,000 data breaches! While leaders in Congress are busy discussing ways to keep our data out of the hands of Big Tech, they ignore the all too real threat posed by everyday bad actors illegally obtaining and misusing data for profit and exploitation.
It’s time for Congress to realize that we can’t have data privacy without data security.
These two concepts are often conflated, but it’s important to recognize the difference to ensure that both are accounted for when fixing this growing problem.
Data privacy looks at the ways that data is legally collected, stored, used and destroyed, and how that is disclosed to the public. Data security, on the other hand, is the protection of that data from nefarious actors.
While everyone is likely familiar with the pain of having to change out a credit or debit card stored on so many apps and websites after it’s been compromised through a skim or breach, the truly insidious risk is when a security breach is undetected, and a sophisticated hacker goes on to use machine learning tools to piece together bits of a person’s identity from multiple sources to create a false identity. It’s not unheard of for the Jane Jenkins from Des Moines, Iowa to be mirrored in a digital Jane Jenkins from Shanghai, China, compiling thousands of dollars in credit card debt or worse.
If the individual consequences are scary, the implications of data security and privacy at the national level are a potential nightmare.
Hackers are not typically lone actors. They are often directly or indirectly linked to foreign governments that have an agenda to disrupt U.S. interests for a variety of reasons. All of this means data security and privacy are a national security priority.
Under the Gramm-Leach-Bliley Act, credit unions and other financial institutions have a legal obligation to protect consumer data. Similarly, medical providers are held accountable under the Health Insurance Portability and Accountability Act. Beyond that, there is very little in place to keep Americans safe, and the nonexistent federal data protection standards are paving the way for a patchwork of state- and industry-based solutions that create glaring weak links.
Credit unions understand that there’s a lot to consider in data security and privacy reform. As cooperatives that are dedicated to serving our members, we will do all that we can to protect data. The problem is that we can’t safeguard this data alone. So many others come into contact with our members’ data, and we want these guardians to feel the same sense of responsibility that we feel.
Creating a standard that protects Americans in every rural town, city and state across the country is of paramount importance. We can no longer do nothing. We’ve tried nothing, and it has only made this country and its people exceptionally vulnerable. It’s imperative to protect the privacy of data. But without data security, even the most robust privacy structure is simply erased.
Lance Noggle, Esq., LLM is Senior Director of Advocacy for Payments and Cybersecurity, and Senior Counsel, for CUNA. He can be reached at 202-508-6705.