In response to news that the Senate Banking panel has kicked off talks on a data security bill, an expert with OneSpan offers perspective:
Michael Magrath, Director of Global Regulations & Standards, OneSpan says: "It is good news that the Senate Banking Committee is beginning discussions around data collection and security standards. However, toughened data collection & security standards cannot be confined to banking and financial services; Congress is in the early stages of research required to address consumer privacy and security. I expect that several committees will be following a similar path. It remains to be seen if the U.S. enacts a GDPR-like comprehensive privacy and data protection law. Although the Equifax breach served as the catalyst for congressional investigations and hearings, front-page scandals involving Facebook and Cambridge Analytica are also driving the need.
Like the EU’s GDPR, the U.S. needs comprehensive federal legislation to protect consumers. With the signing of the California Consumer Privacy Act, other states will certainly follow California’s lead. No doubt each state will have its own unique language on privacy and data collection and security, which will create a compliance nightmare for any company doing business in a particular state.
This comes at a time when the current administration is testing the waters on open banking, which will pave the way for non-bank, fintech companies to offer competing and/or complementary banking services to consumers in which banking data is shared through APIs. Open banking, like the EU’s PSD2, gives consumers more control over their data and requires strict consent, authentication and security controls along with audit trails for each transaction. Facebook and other well-known tech companies could be major players in open banking in the U.S., which means this initial work by Congress will hopefully make sure open banking is developed with appropriate. As PSD2 matures in the EU, the U.S. can apply the best aspects of PSD2 into any open banking initiatives while also leveraging the work of NIST and Congress as it relates to privacy and security standards."