Published on September 16, 2020
Electronic data collection is so ubiquitous in today’s world that it would be easier to list the aspects of our lives in which data isn’t collected by others. The COVID-19 pandemic has accelerated consumer movement into doing business virtually as health concerns increase the demand for contactless and paperless transactions. Pre-pandemic, some businesses felt no need to even have a website; now businesses and professionals are relying on the internet to let consumers know that they are still operating. For example, real estate leasing agencies are now doing “virtual tours” instead of open houses, a boat rental company launched a website so travelers can see and rent a boat through an online booking system, and restaurants are now providing QR codes so their customers can use their smartphones to access their menus to abide by social distancing measures and also are increasingly accepting contactless e-payment solutions.
U.S. regulators have begun to react and respond to this trend. Earlier this year, the California Attorney General announced approval of the final regulations under the California Consumer Privacy Act (“CCPA”). This legislation is the first instance in an emerging trend of consumer data privacy right protections. Although California is the first, many states are right behind it with privacy legislation already signed (i.e., Maine and Nevada) or that are in committees/chambers (i.e., New York, New Jersey, Illinois, etc.). Generally, these laws providing consumers with codified rights to control their personal data such as the right to access, deletion, portability, and to opt-out of collecting their information. These laws also impose draconian penalties against businesses for non-compliance such as large fines and potential loss of licensure. The Financial Services industry is especially vulnerable to these penalties as financial information is sensitive data and any company collecting or using that data are targets to hackers and data thieves.
Most financial institutions that are “significantly engaged” in financial activities (i.e. banks, insurance providers, securities firms, mortgage lenders, etc.) are heavily regulated under the Gramm-Leach-Bliley Act of 1999 (“GLBA”). The GLBA has a privacy rule that accounts for clear and conspicuous policies, opt-out rights and limitations on data sharing.
But not every Financial Services Professional and Company is obligated to comply with GLBA. Therefore, with the adoption of new technologies to serve clients, the financial services industry needs to pay attention to data privacy laws.
Businesses that quickly adapt to this changing landscape may not only avoid additional costs, but also become more profitable in the long run as these industries scramble to keep up with compliance requirements from the CCPA and international laws such as the EU’s General Data Protection Regulation (“GDPR”) and Brazil’s Lei Geral de Proteçāo de Dados (“LGPD”), which all have tremendous noncompliance fees. Financial Services Companies and Professionals are adopting a host of different technologies to serve their clients and protect their data. But with the adoption of technology comes important questions such as: what kind of data are you collecting, storing and sharing across different platforms? Early compliance and adoption of best practices, much like preventative medicine, will save a business much pain going forward. At the very least, every business should now look at their existing vendor contracts that handle data management and see what privacy and security provisions are in place.
Data Privacy regulation is a growing concern for Financial Services Companies and Professionals. The Warren Law Group can help strategize on the best approach to data privacy, so your company can remain ahead of the pack and reduce liability or exposure to regulatory oversight.
Written By Christopher Warren & Todd Kulkin, Esqs.
ATTORNEY ADVERTISING. Prior Results Do Not Guarantee Similar Outcome.