The Federal Trade Commission recently announced that it reached a settlement with three consumer credit report resellers whose information security practices and procedures were not sufficient to prevent hackers from obtaining more than 1,800 consumer credit reports without authorization. The settlement resolves allegations that the resellers violated the Fair Credit Reporting Act, the FTC Act and the Gramm-Leach-Bliley Safeguards Rule by failing to take appropriate precautions to protect credit reports and the personal information such reports contain. According to the FTC, the resellers’ information security deficiencies included (1) not having comprehensive information security policies or procedures in place; (2) releasing consumer reports to clients who lacked basic security measures, such as firewalls and updated antivirus software; (3) failing to protect their own internet portals and thereby furnishing credit reports to hackers who lacked a permissible purpose for having them; and (4) not making reasonable efforts to protect against future breaches even after becoming aware of the hackers’ illegitimate activities.
If You Let Them Build It, They Will Come: Regulatory Agencies Release Model Privacy Notice Online Form Builder
The eight regulatory agencies that released the final model privacy notice form that satisfies the disclosure requirements under the Gramm-Leach-Bliley Act have released an Online Form Builder to assist financial institutions in meeting their obligations under the act.
…
Innocent Mall Shoppers, You’re Off the Hook: Federal Agencies Release Model GLBA Privacy Notice Form
On November 17, 2009, eight federal regulatory agencies released their final model privacy notice form that is intended to make it easier for consumers to understand how financial institutions collect and share information about them.
…
Feud of the Forms — The Battle of The GLBA Notices
The report by Drs. Alan Levy and Manoj Hastak, Consumer Comprehension of Financial Privacy Notices, uses the results of a mall-intercept study to compare the performance of a prototype financial privacy notice developed by the Kleimann Communication Group (“KCG”) during the first phase of the INP against three alternative notices. The Levy-Hastak report, among other things, confirms what proponents of the INP suspected – some GLBA privacy notices are largely ineffective in conveying information to consumers that allows them to make rational decisions about the sharing of their personal financial information.
…