Data Privacy Monitor

Commentary on Data Privacy & Information Security Subjects

Category Archives: Financial Privacy

Financial Institutions Privacy and Security – 2013 Year in Review

Posted in Data Breaches, Financial Privacy
Throughout 2013, financial institutions continued to face serious threats from cybercriminals targeting the personal information of banking customers and their financial assets through the use of malicious software and distributed denial of service (DDoS) attacks. In fact, according to the Verizon 2013 Data Breach Investigation Report, which is available here, thirty-seven percent of breaches this year … Continue Reading

Visa Loses Motion to Dismiss in Genesco Case – Are the Days for PCI Assessments Numbered?

Posted in Financial Privacy
Co-Authored by: Judy Selby
In a highly anticipated decision, a federal court in Tennessee let stand a retailer’s claims against Visa for violation of California’s Unfair Competition Law (UCL) and for common law claims for unjust enrichment and restitution arising out of fines and assessments levied by Visa in the wake of a massive data … Continue Reading

Vermont and North Dakota Amend Breach-Notice Laws

Posted in Breach Notification, Data Breach Notification Laws, Data Breaches, Financial Privacy, HIPAA/HITECH, Medical Privacy
On May 13, 2013, Vermont Governor Peter Shumlin signed H.513 into law. The new law includes an amendment to Vermont’s Security Breach Notice Act, 9 V.S.A. § 2435. Previously, under § 2435, Vermont-regulated financial institutions were exempt from notifying any Vermont authority in case of a security breach involving personally identifiable data. The new law … Continue Reading

Proposed FFIEC Guidance on Financial Institution Social Media Use

Posted in Financial Privacy, Social Media
The Federal Financial Institutions Examination Council (FFIEC) released for comment on January 17 its proposed Social Media: Consumer Compliance Risk Management Guidance.  There is a 60-day comment period.  The purpose of the guidance is to help banks, savings associations, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau (CFPB) understand and address … Continue Reading

Bank Agrees to Reimburse Company for Funds Taken Through Online Bank Account Theft

Posted in Financial Privacy
We reported in July on a First Circuit Court of Appeals decision finding that a bank failed to implement commercially reasonable security methods to prevent unauthorized transfers by a criminal who gained the online banking credentials of a construction company. The criminal was able to steal $345,000 from the construction company’s account. It was then reported on … Continue Reading

Internet Banking Authentication Security Procedures Found Commercially Unreasonable

Posted in Financial Privacy, Identity Theft, Online Privacy
It is a common scenario—a company’s computer system becomes infected with some variant of the Zeus Trojan with a key logger that sends key strokes out to a command and control server operated by a criminal. The criminal searches the key strokes to find login credentials to that company’s Internet bank account, which are used … Continue Reading

SEC and CFTC Propose Identity Theft Prevention Rules

Posted in Financial Privacy, Identity Theft
Reflective of an increased interest in data privacy concerns, on February 28, 2012, the Securities and Exchange and Commodity Futures Trading commissions jointly released proposed rules designed to protect investors from identity theft by mandating the creation of programs to detect potential security threats.  The proposed rules are meant to implement Title X of the … Continue Reading

Speier Introduces “Do Not Track Me Online Act of 2011”

Posted in Behavioral Advertising, Federal Legislation, Financial Privacy, Online Privacy
The FTC—in its December 2010 online privacy report and testimony before Congress—discussed the need for a browser-based “Do Not Track” mechanism to give consumers greater control over behavioral advertising.  Under the “Do Not Track Me Online Act of 2011” (H.R. 654)—introduced by Rep. Speier (D-CA) on February 11—the FTC will have 18 months to establish … Continue Reading

Noteworthy Data Privacy and Information Security Events in 2010

Posted in Behavioral Advertising, Breach Notification, Data Breach Notification Laws, Enforcement, Federal Legislation, Financial Privacy, HIPAA/HITECH, Information Security, Medical Privacy, Online Privacy
The two events that drew the most attention in 2010, both of which occurred at year-end, were reports from the FTC and the Department of Commerce.  Below is a brief summary of those two reports and other issues drawing attention in the past year: (1) FTC Issues Long-Awaited Consumer Privacy Policy Report On December 1, … Continue Reading