Ever wonder if banks are required to tell customers when their systems are hacked? You may be shocked to learn that they are not. The only exception to this standard has been database hacks that affect California residents. Companies doing business in California are required to give such notice under the California Security Breach Information Act.

The situation is changing quickly on the federal level. Regulations have been issued by federal finance agencies that now force banks to tell customers when their personal data has been exposed to unauthorized third parties. The regulations are issued pursuant to the Gramm-Leach-Bliley Act, which contains language requiring financial institutions to prevent unauthorized access and use of consumer information.

The new regulations appear to be a reaction to several recent high-profile data leaks. They include incidents such as Bank of America losing data tapes containing information for over 1 million government employees and the breach of databases for LexisNexis and ChoicePoint. It is well known that numerous other banks have also been hacked over the years, but the information has been hushed up.

The new regulations require financial institutions to notify account holders if the institution becomes aware of unauthorized access to sensitive customer information. The directives apply to banks and savings and loan companies, but not credit unions.

There are two serious loopholes in the regulations. First, a financial institution that discovers a database breach must only notify account holders if it is "reasonably possible" that personal details will be misused. Second, the regulations only apply to personal data, not business or commercial accounts.

While these new regulations are a positive step, one could drive a truck through the two loopholes. Determining whether it is "reasonably possible" that your information will be misused is a vague standard that many financial institutions will use to withhold information. Put bluntly, the notification regulations are gutless.

The best method for keeping an eye on database breaches is to look for stories in the news. Under California law, companies are required to give notice to California residents when breaches occur. If you see a story about your bank giving notice of a hack to California residents, your personal information may have also been exposed. Hackers do not restrict their attacks to California residents.