Posts tagged ‘Preet Bharara’

Gillibrand Proposes Data Protection Agency

Data protection is the legislative equivalent of the weather: everyone talks about it but no one does anything about it. So I was pleased to see that Senator Gillibrand unveiled a bold proposal yesterday to create a Data Protection Agency.

As of ten minutes ago the text of the bill was not yet available online but, according to her press release the DPA’s core responsibilities would be giving Americans greater control of their own data by creating and enforcing data protection rules—ensuring fair competition “within the digital marketplace” and preparing America for the Digital Age by advising Congress on emerging privacy and technical issues. This last proposal is a bit unsettling since I kind of thought that Congress knew we were already in the Digital Age and was reading up about it.

You don’t have to be Nostradamus to figure out that the agency would promulgate a California/European regulatory regime on companies and crackdown on potentially anti-competitive practices of Facebook, Google and Amazon. It would be overseen by a Director serving a five year term.

Now it’s way too early to say whether this is a good or bad idea. But let’s be honest, given the current political divide in Congress, this proposal has as much chance of becoming law any time soon as Donald Trump does of giving up tweeting for Lent. But in the eight years since U.S. Attorney for the Southern District in New York, Preet Bharara, warned of a WWII style cyber-attack against this country, the situation has only gotten worse, not better. We’ve grown so used to the idea of cyber breaches that news that the Chinese government stole personally identifiable information from almost half of America’s citizens is met with a shrug. Anything that wakes us up and gets us talking about taking on data protection issues on a national level is a step in the right direction even if some of the specifics need to be refined.

On that note, enjoy your Presidents’ Day Weekend. I will be back on Tuesday.

February 14, 2020 at 9:09 am Leave a comment

Are We Facing a Data Breach Pearl Harbor?

You may not know Preet Bharara yet, buy my guess is that you will.  He is the U.S. Attorney for the Southern District in New York and in a recent piece in the New York Times, he compared the epidemic of cyber crime to a modern-day Pearl Harbor.  Evidence demonstrates that he’s not overstating the case, at least by much.

Listen, I love Five Guys as much as the next guy.  In fact, for my money, it’s the best fast food burger in the Country.  But, a recently disclosed security breach demonstrates yet again why merchants have to be made more responsible for protecting debit, credit, and, increasingly, prepaid cards.  My local paper, the Albany Times Union, reported the other day that Trustco is suing Five Guys because of its negligent handling of customer payment information that resulted in the theft of $90,000 worth of merchandize.  If what the bank alleges is true, it’s the same old story:  the merchant knew about the data breach for months but was slow to alert authorities.  Five Guys, of course, insists that it was complying with the law.

Then, today, the Wall Street Journal has an article detailing the security shortcomings at Fidelity National Information Services (FIS), which led both the OCC and the NCUA to be extra vigilant in dealing with the third party processor.  Of course, what these two cases have in common is that credit unions are victimized by third party processors and merchants that have too little responsibility for protecting debit and credit card information.  When the breach gets exposed, it is often the credit union or bank that is left holding the bag.  I wish Trustco all the best with their lawsuit, but unless there is a sea change in legal analysis, the courts will continue to be reluctant to hold merchants responsible to card issuers.  The problem is one that needs a legislative fix and quickly.

As explained recently by Bharara, “companies must start thinking ahead of the hack and locking their doors. It is simply no longer enough for company leaders to take a hands-off approach, leaving these matters to a few “techies.” Such an attitude practically invites a hack. Even simple measures — like employee training and regular threat assessments — can help companies avoid becoming the easy target.” 

The fact is that these are the type of steps that financial institutions have been taking for years; but without federal legislation, it simply won’t be in the financial interest of third party processors and merchants to adequately protect consumer records.  

America is the great information economy that refuses to recognize that high tech bank robbers are ripping off companies more easily than bandits could rip off stage coaches in the 19th Century.

June 6, 2012 at 7:17 am 3 comments

Authored By:

Henry Meier, Esq., Senior Vice President, General Counsel, New York Credit Union Association.

The views Henry expresses are Henry’s alone and do not necessarily reflect the views of the Association. In addition, although Henry strives to give his readers useful and accurate information on a broad range of subjects, many of which involve legal disputes, his views are not a substitute for legal advise from retained counsel.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 653 other followers