The financial services sector of the U.S. economy is the most highly regulated area of the economy. Recently, much of the new legislation has been aimed at data privacy and protecting personal information. With data breaches reported on a seemingly daily basis, and with the growth of identity theft as a crime, it’s not surprising that regulators have tried to step up protection of this information.
Understanding these laws is no easy task. Legislation involves hundreds of pages of information and correctly interpreting the rules can be difficult for any company. Many small to mid-size companies, especially if they don’t have staff members with specific expertise with these regulations, find it difficult to accomplish what is required to be in compliance. That lack of understanding can lead to fines and penalties from the Securities and Exchange Commission (SEC), the Federal Trade Commission (FTC), the Federal Financial Institutions Examination Council (FFIEC), and other agencies.
Here are some details about these data privacy laws and how they may affect your company.
First, let’s define the two areas of information in question — non-public information (NPI) and personally identifiable information (PII). Non-public information refers to all information on applications for credit cards and loans, or on credit card or bank account histories. This information can include: names, addresses, telephone numbers, social security numbers, PINs, passwords, account numbers, balances, medical information, and more.
Personally identifiable information (PII) is any piece of information that can be used to uniquely identify, contact, or locate a single person. PII can include: driver’s license numbers, telephone numbers, street addresses, email addresses, IP addresses, vehicle registration numbers, and more.
Protecting this information is becoming more and more important, both to the public and to legislators. There are a host of laws that require compliance. The more well known are the Gramm-Leach-Bliley Act, the Identity Theft and Assumption Deterrence Act, and, of course, the USA Patriot Act (although much of this legislation recently lapsed and hasn’t been renewed). There are dozens of other federal and state data protection laws, with more passed every month.
Each law has certain compliance rules concerning data privacy. It’s the right thing — both for your customers and the general public — to handle NPI and PII correctly, but sometimes navigating the ever-changing legislation is complex.
That’s why you need RegTec to handle these issues for you. Compliance is all we do, and we should handle it for your organization.