By Kurt Seifried (kurt@seifried.org)
There is a new and potentially damaging problem on the horizon for many financial service firms, ranging from banks to mortgage lenders and insurance companies.
Privacy laws designed to protect consumers.
Now don’t get me wrong, I generally support the idea of laws that will provide protection to consumers with respect to their personal data (i.e. name, social insurance number, banking details, address, etc.) but I can see some very serious potential problems because of the way US state laws interact with corporations.
In previous years this actually wouldn’t have been as much of a problem as it is today for one simple reason: interstate banking laws that largely prevented banks from operating in more than one state. These laws have changed, now allowing banks to operate across state lines, allowing for national banks to provide services across the United States of America.
Why is this a problem? In a nutshell, numerous states are considering passing, or have already passed, laws regarding the safe and proper storage of consumer information, what information may be stored, what information may be disclosed to business partners and so on. These laws may even impact the transfer of data within an organization if that information is considered to have “left” the state (offsite backups, anyone?).
The intersection of these laws and common business practices will lead to numerous legal questions and problems. Can a mortgage broker provide the required data for a client to get mortgage quotes from multiple institutions, some of which may be out of state, or indeed outside the U.S.A.? Can a company ship backups of customer data to offsite data storage facilities? Does it matter if that information is held on magnetic tapes (i.e. in a “tangible” format) or sent electronically over a VPN, for example (i.e. in an “intangible” form)? Can a company even send user data for processing to an out-of-state data center?
As well, there are large classes of companies that require sensitive information in order to provide services and products to customers. Many utility companies, for example, want a name, address, social insurance number and, depending on the payment method, banking details for direct debit in order to provide a customer with service. Companies that provide outsourcing or other labor services will also of course require information such as a social insurance number, not to mention companies that provide payroll services such as ADP (Automatic Data Processing, Inc.).
Unfortunately there are no easy answers to these questions. Indeed, the majority of states have not yet passed such laws; however, in the current climate it is inevitable that they will be. Companies that make use of sensitive financial data, especially those that operate within multiple U.S. states, are advised to keep a close eye on such legislation and consider finding legal resources or notifying internal legal departments in order to prepare for this.
Of course this doesn’t even take information and security notification laws into consideration. That’s a whole other can of worms.