On August 10, 2010, the U.S. Court of Appeals for the Seventh Circuit upheld an earlier ruling by the Northern District of Illinois Eastern Division that email order confirmations are not “electronically printed” receipts under the Fair and Accurate Credit Transactions Act (“FACTA”) amendments to the Fair Credit Reporting Act. Shlahtichman v.1-800 Contacts Inc., Case No. 09-4073 (7th Cir.; Aug. 10, 2010). The court affirmed the dismissal of Shlahtichman’s complaint against 1-800 Contacts Inc. that involved an electronic order confirmation containing Shlahtichman’s credit card expiration date.
Financial Privacy
If You Let Them Build It, They Will Come: Regulatory Agencies Release Model Privacy Notice Online Form Builder
The eight regulatory agencies that released the final model privacy notice form that satisfies the disclosure requirements under the Gramm-Leach-Bliley Act have released an Online Form Builder to assist financial institutions in meeting their obligations under the act.
…
District Court Rules E-mail Order Confirmations Not Subject to FACTA
Judge John W. Darrah of the Northern District of Illinois Eastern Division held that FACTA’s prohibition against the electronic printing of a debit or credit card’s expiration date on receipts was inapplicable to e-mail order confirmations.
…
FINRA Fines Member Firm $175,000 for Failure to Protect Confidential Customer Information
The Financial Industry Regulatory Authority (FINRA) announced on April 28, 2009 that it had fined Centaurus Financial, Inc., of Anaheim, California, $175,000 for Centaurus’s failure to protect confidential customer information. FINRA also required Centaurus to send notifications to affected customers and their brokers, provide one year of credit monitoring at no cost to the affected customers, and certify to FINRA that its procedures and systems are in compliance with privacy requirements. See FINRA News Release (April 28, 2009).
Feud of the Forms — The Battle of The GLBA Notices
The report by Drs. Alan Levy and Manoj Hastak, Consumer Comprehension of Financial Privacy Notices, uses the results of a mall-intercept study to compare the performance of a prototype financial privacy notice developed by the Kleimann Communication Group (“KCG”) during the first phase of the INP against three alternative notices. The Levy-Hastak report, among other things, confirms what proponents of the INP suspected – some GLBA privacy notices are largely ineffective in conveying information to consumers that allows them to make rational decisions about the sharing of their personal financial information.
…
SEC Seeks to Better Protect Investors’ Privacy With Proposed Amendments to Regulation S-P
In light of growing concerns over identity theft, data breaches, and the hacking of online brokerage accounts, the Securities and Exchange Commission (“SEC”) has recently proposed new amendments to Regulation S-P – the SEC’s existing privacy rules mandated under the Gramm-Leach-Bliley Act. The SEC’s unanimous approval of these proposed rules signals the Commission’s desire to more closely align its privacy guidelines with those of the Federal Trade Commission (“FTC”) and the Federal Banking Agencies, which adopted data breach notice rules in 2005. For regulated companies, however, the amendments could mean additional costs and liabilities.