Safeguarding customer information is critical to maintaining the public’s trust in the banking system. Data breaches in the private and public sectors jeopardize consumer financial data and increase the chances of financial fraud of all types.

Community banks currently face a myriad of incident reporting laws at the state and federal level. The federal government should focus efforts on harmonizing incident reporting requirements to enable community banks to focus more on response and recovery, and less on compliance and paperwork.

Similarly, ICBA supports a federal data breach law that preempts the current patchwork of state laws. These laws create requirements that are overly, broad, conflict with one another, increase costs and foster confusion.

Following a breach in the private or public sectors, community banks must receive timely notification concerning the nature and scope of any breach that may have compromised customer data. The costs of data breaches should be borne by the party that incurs the breach.

Barring a shift in liability to the breached entity, community banks should have continued access to various cost-recovery options, including account recovery programs and litigation. Too often, the breached entity evades accountability while financial institutions are left to mitigate damages to their customers.

Lastly, the government, including regulatory agencies, continues to experience cyber incidents and data breaches resulting in the loss of consumer data. Governmental departments and agencies have a responsibility to report incidents, and liability for the breach of governmental systems should not be unfairly born by community banks.