Community banks are on the frontline defending the financial sector and bank customers against cyber threats. Safeguarding customer information is critical to maintaining the public’s trust. Data breaches in the private and public sectors continue to jeopardize consumer financial data and increase the chances of identity theft, the use of synthetic IDs, and financial fraud of all types.
To better address the increased threat and provide banks with better access to actionable threat intelligence and clearer requirements, new federal incident notification laws should supersede state laws. The patchwork of state laws often creates requirements that are overly broad, conflict with one another, increase burdens and costs, foster confusion, and are detrimental to customers because they are difficult to implement.
It is important that community banks receive timely notification from the public and private sectors concerning the nature and scope of any breach that may have compromised consumer information so that they may take steps to mitigate any damage.
The costs of data breaches should be borne by the party that incurs the breach. Barring a shift in liability to the breached entity, community banks should have continued access to various cost-recovery options, including account recovery programs and litigation. Too often, the breached entity evades accountability while financial institutions are left to mitigate damages to their customers.
Lastly, the government, including regulatory agencies, continues to be the subject of cyber incidents and data breaches resulting in the loss of consumer data. Like banks, governmental departments and agencies have a responsibility to report incidents. Liability for the breach of governmental systems should not be unfairly borne by community banks.