State of Privacy in Financial Services
This year is no different. Multiple bills have been introduced by prominent members of congress, and they are making their way through the legislative process.
If the frequency and intensity of hearings on The Hill is any indication of the likelihood of a broad-based bill passing, it would seem we are on track for one; 2011 has been one of the most active years for privacy in the past decade. The House Energy and Commerce Committee, Senate Commerce Committee, Senate Banking Committee, Federal Communications Commission Wireless Bureau and the new Senate Judiciary Subcommittee on Privacy, Technology and the Law, among others, all have hosted hearings - in some cases multiple hearings - that have focused on data privacy or touched on it in some way.
2011 has been one of the most active years for privacy in the past decade.
We expect these high-level discussions to continue, and we will be listening closely as the dialogue deepens and the leaders in this new public policy race begin to emerge.
EnforcementEnforcement - the teeth of data privacy - traditionally has had a profound effect on marketplace practices. As a result, we're seeing enforcers such as the Federal Trade Commission, Securities and Exchange Commission, state attorneys general, stepping up activity in this area and calling out those companies that step afoul of privacy laws. Earlier this year, FINRA levied a $600,000 fine on a financial securities firm for failing to protect consumer information. In April, the SEC fined three individuals for violations of the Privacy Rule and Safeguards Rule of Regulation S-P. The FTC dropped a $1.8 million fine on Teletrack Inc. in June for FCRA violations. And Indiana's attorney general hit a state insurer with a $100,000 levy in July for delaying notification of a data breach. But there's more to enforcement than just agency actions. The class-action bar has gained traction in the past year, beginning to find success in bringing privacy claims against organizations. Certainly, these developments are to be ignored at one's own peril. The stage is set for a fascinating explosion of privacy issues and their resulting affect on the financial services sector and the greater marketplace in the months and years to come. I look forward to sharing future insight on this most exciting and heated data privacy landscape.
Trevor Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as Executive Director of the IAPP, Hughes leads the world's largest association of privacy professionals.