SAN FRANCISCO–Credit unions gathered here were given an update and forecast on what to expect when it comes to data security, data privacy, expanded attacks by bankers at the state level and more.
Speaking to NASCUS’ State System Summit here, Megan Balogh, director of corporate and legislative affairs with CUNA Mutual Group, covered a range of issues on which credit unions were urged to get up to speed. Among the issues addressed:
Data Privacy vs. Data Transparency
The issue comes down to consumer control and transparency vs. convenience, discounts and information available to consumers, summed up Balogh.
“What we find in recent history is more and more often these companies are using our data in unexpected and unanticipated ways, which raises a lot of questions and concerns,” said Balogh.
Balogh said credit unions need to look no further than where they were meeting for an example of where the future lies, pointing to the recently enacted California Consumer Privacy Act (CCPA), which applies to any CU of a certain size that does any type of business in the state.
“It’s a sweeping first-of-its kind law that attempts to regulate the collection use and sharing of personal information,” she said.
In its initial form the law had a lot of “problematic elements from a workability perspective,” said Balogh that would have affected numerous joint marketing programs, such as any CU that might work with CUNA Mutual’s TruStage program, for instance. But Balogh credited the California league for its efforts to get the bill successfully amended to include a Gramm Leach Bliley Act exemption. “It is now much more workable than it was when passed,” said Balogh.
The law goes into effect in January 2020 in California, and more than 20 states have introduced similar legislation in the wake of California’s law.
“It’s not that financial services are opposed to privacy protections; we live in a world where privacy is taken very seriously,” said Balogh. “I expect will see more bills in the years ahead and it will become more complex, especially for credit unions with members in multiple states.”
So wouldn’t a federal bill be the ultimate resolution? Yes, answered Balogh, but the lack of consensus in Congress on how to move it forward has stifled any progress. “What would be really helpful to credit unions would be one standard to follow,” said Balogh.
What To Look For
Other things that are helpful to think about from a compliance perspective with CCPA, according to Balogh:
- Seek legal counsel to understand scope and obligations
- Know your data; update privacy disclosures as needed. Know what personal information the credit union is collecting
- Stay informed
The big issue in data security is the inconsistent data security standards, noted Balogh, adding that while the number of breaches is down, the number of records involved is up considerably.
There is no current federal bill under consideration, and there is also the issue of consumer breach fatigue to deal with, as well, said Balogh, making it clear any resolution is not in the near future.
“The best-case scenario here involves the merchants sharing some burden on these losses,” she said. “While there are acknowledgements of these issues, there are some pretty significant headwinds in Washington, including from those merchants and retailers who are advocating for the status quo.”
Balogh reminded credit unions of the success Iowa’s bankers had in nearly pushing through legislation that would have taxed credit unions of a certain asset size, before CUs were able to defeat it, and said she expected the bankers would be back in the next session not just in Iowa, but also in Kansas. There are also “rumblings” Kentucky’s banks will be looking to advance similar legislation in the Bluegrass State, often with a goal of dividing credit unions.