From: Reuters
A top U.S. financial regulator on Thursday told lawmakers that retailers and other companies that deal with customer payments should have the same obligation as banks to report data breaches.
The call for a uniform disclosure regime comes after cyber criminals managed to pull off a massive theft of customer data from retailer Target Corp during the holiday shopping season in late 2013.
That and other high-profile data breaches have reignited a debate about whose responsibility it is to protect against cyber crime and how customers should be notified.
U.S. Federal Reserve Governor Daniel Tarullo told the Senate Banking Committee that regulators require banks to notify customers and take certain remediation steps when breaches happen.
But strict rules do not exist for retailers and other players in the electronic payments system, including third-party processors.
“I think you probably need some uniform requirements on disclosure when breaches have actually taken place,” Tarullo said. “Until the banks and customers are sure that they know whenever anything has happened with their data, it’s going to be hard for people to respond.”
Tarullo did not specifically call for legislation.
Leave a Reply