The Current Landscape
As a quick (and incomplete) primer, financial institutions
generally must protect all “nonpublic personal information” relating to current and former customers under
the Gramm-Leach-Bliley Act (GLBA), the Right to Financial Privacy Act, and the Fair Credit Reporting Act.
Remember, GLBA does not preempt state law if that law
is consistent with GLBA and if that statute gives consumers more privacy protection than GLBA. In other words,
you must know the state laws of every single state where
you have, or have had, customers.
It remains to be seen what Congress will actually do,
and how that will affect the financial services sector. What
is clear is that institutions must understand their current
requirements, how state requirements affect them (and
which states matter, i.e., where their customers are living), and how any exemptions apply.
One thing is certain—all businesses, including financial
institutions, are holding more data than ever before, and
such data will likely increase, as will the analysis methods
that use it, as technology rapidly changes and develops.
While data can provide protections, such as those used
in identity authentication, it also creates risk, as criminals
constantly seek to exploit any system weakness to mine,
use or misuse the data. While data breaches are often
handled by other units of a financial institution, Compliance is well informed and
positioned to assist in a strong, coordinated response to
BY MARGARET WEIR WESTBY, ESQ., CRCM, AND LISA WOLF, J.D., CRCM
What Compliance Needs to Know in the Event of a
THERE IS NO DOUBT THAT DATA SECURITY is on the average consumer's mind, as well as on the agendas of federal and state lawmakers. This past June, ABA Banking Journal reported on consumer concerns about privacy and data security. Citing a Verizon and Longitude global survey, the publication reported that “…almost 7 in 10 consumers
said honesty and transparency about how their personal data is used is something they look
for in a company seeking to win their trust.” They further found that 42 percent of respondents
emphasized the importance of companies clearly communicating their compliance with data
regulations, and discovered that 29 percent of consumers in the U.S. would avoid using a
company that had experienced a data breach. An additional 63 percent indicated they would
avoid a company with such a breach for a period of time.