The following three whitepapers can help a credit union understand their liability for a security breach under Uniform Commercial Code 4A (UCC 4A), negligence theories, and consumer notification. Reading these in order (SM001, 002, and 003) will provide the reader with a better understanding of the entire picture regarding credit union liability for security breaches.
UCC 4A governs financial transactions and security for those transactions. Most states have passed UCC 4A or similar legislation. This paper explains how UCC 4A works and how a credit union can protect itself against UCC 4A lawsuits.
Negligence is another theory a consumer can use against a credit union for loss of funds as a result of a security breach.
Finally, there are rules in each state regarding when a credit union must notify a consumer of a security breach.