MADISON, Wis. — Even though it has not been on the front pages as much this year, executives with CUNA Mutual and several credit union leagues say the card data security issue remained high on at least some state legislative calendars in 2008.
"It's our impression the issue is very much alive," said Christopher Roe, CUNA Mutual Group senior vice president for corporate and legal affairs. Even though Roe acknowledged that the breaches this year have generally not been the large ones that grab headlines in the mainstream press, he said, the overall number of card security breaches are growing at a record clip.
Other league executives from states that mounted card security legislative efforts also reported a lot of energy around the issue. "I have even had legislators come up to me and tell me that they wish it had passed," said Tom Lieb, vice president for governmental affairs for the Wisconsin Credit Union League. "They see it as an issued tied into a lot of other different consumer issues and look forward to supporting it next year."
Recommended For You
The fact Wisconsin legislators are looking forward to supporting a bill next year points out that, increased energy notwithstanding, California remains the only state so far to have passed a version of comprehensive card data security legislation this year. Although several others have come close and have very good prospects for next year, leagues have said.
California's legislature passed a card data security bill and sent it to the governor after the bill's backers dropped a controversial requirement that retailers experiencing card security breaches reimburse card issuers for the cost of closing and replacing compromised cards. California Governor Arnold Schwarzenegger (R) has until Sept. 30 to sign it.
According to executives from CUNA Mutual and various leagues, eight states other than California have or had data security bills in their legislative mills this year: Alabama, Iowa, Maine, Maryland, Michigan, New Jersey, Washington State and Wisconsin.
Of these, New Jersey is the only state that still has an active bill. All the others have adjourned for the year with only two (Iowa and Maine) passing some sort of card security legislation.
The card security bills that passed in Maine and Iowa did not address the issue directly but instead mandated studies of the issue, the results of which are to be reported back to the legislature in 2009. Maine's study would focus on the card security question and instructed that the Maine Credit Union League be one of the associations consulted as part of the study. The Iowa study addresses the card security question more in the context of overall consumer identity security.
Two of the states that came close to passing card data security legislation were Wisconsin and Washington State. The respective bills failed to pass before the state's legislative deadline, but executives with the leagues in each state reported sharply different reasons for the failures.
It appears that time just ran out on the bill in Wisconsin. Lieb reported that the bill had been entered relatively late but, like a lot of similar legislative efforts in other states, found widespread bipartisan support.
"There were groups which were opposed to the legislation, mostly retailers, but they really didn't hold up the process at all," Lieb reported. "There were just too many things to get done, and the issue was not high enough on enough legislative calendars," he said, expressing confidence that a similar measure would pass next year.
"We have commitments from the bill's sponsors to re-introduce it next year and to do it earlier in the year so it has a much better chance," Lieb said.
In Washington State, the authors of this year's bill have also committed to reintroduce their measure next year, but Stacy Augustine, senior vice president and general counsel for the Washington Credit Union League, reported that it was more than just the ticking clock that killed their bill.
"I would say fear did it in," Augustine said. "Fears primarily on the parts of industry and retail groups about what the bill might mean," she said.
Augustine said the Washington State bill had a clause mandating reimbursement of card issuers' costs from retailers experiencing card security breaches. She also doubted Washington CUs would be willing to drop that requirement since the state is already an industry leader in the area of consumer notification of card breaches.
This year's California bill supporters hoped that the bill's notification requirements would serve as a sufficient spur to adopt card security procedures even without reimbursement.
Augustine said that the Washington State bill had also suffered from lack of support from the state's bankers, either the larger multi-state banks or the smaller community banks. She said she understood that the larger banks were getting pressure from their merchant customers, but she considered the lack of support from the smaller community banks a mystery.
She added that supporters would be rewriting the bill a fifth time in advance of next year to develop legislation that stands the best chance of passage.
In New Jersey Paul Gentile, CEO of the New Jersey Credit Union League, explained that the league had gotten the support of at least some of the state's bankers for this year's bill, which is still before a legislative committee. However, he added that the effort had stalled after its primary legislative backer was forced to resign.
"It kind of lost energy and stalled a bit after its lead backer, Neil Cohen, was forced to resign over allegations about pornography on his computer," Gentile reported. The resignation took place in late July and, since then, some of the bankers, particularly the larger commercial banks have backed away from the bill, he said.
© Touchpoint Markets, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more inforrmation visit Asset & Logo Licensing.
