Tag: privacy

1
FDIC Economic Inclusion Summit A Good Reminder of Fair and Responsible Banking Practices
2
Connecticut Mandates Identity Theft Services for SSN Data Breaches
3
California Attorney General Offers Online and Mobile “Do Not Track” Privacy Policy Recommendations
4
Circuit Court Declares Bank’s Wire Transfer Security to Be Commercially Unreasonable Under UCC Article 4A

FDIC Economic Inclusion Summit A Good Reminder of Fair and Responsible Banking Practices

By Soyong Cho

Yesterday, the FDIC hosted a day-long Economic Inclusion Summit that brought together stakeholders in private industry, the government, and non-profit organizations to discuss strategies to expand credit to under-served communities. Speakers stressed the need to understand the personal and financial challenges facing low- and moderate-income (“LMI”) populations in order to more effectively design products and marketing channels to reach LMI communities. Leveraging big data and technology were identified as key factors to reducing costs and profitably serving LMI customers.

Banks are of course rated on their outreach initiatives to under-served communities under the Community Reinvestment Act (“CRA”), but profitably expanding their customer base is also good business. The FDIC’s Summit serves as a reminder of the established programs, partnerships, and networks that exist to assist banks to meet their CRA obligations. However, it is also a good reminder that banks must be sensitive to the regulatory compliance and other risks attendant with marketing to and servicing LMI communities in particular, as even the best intentions can be undermined by flawed implementation or unclear regulatory guidance. Among others, UDAAP, fair lending, and privacy issues should be considered in all phases of product development and delivery. In the coming months, K&L Gates will be hosting a series of webinars focused on the nuts and bolts of consumer protection compliance.

Connecticut Mandates Identity Theft Services for SSN Data Breaches

By: Holly K. Towle

On June 30, 2015, Connecticut’s governor signed into law an amendment to the state’s data-security-breach-notice statute to mandate “appropriate” identity theft prevention services for breaches involving social security numbers. Identity theft mitigation services are also required “if applicable” (e.g., if identify theft actually occurs). The services must be provided at no cost and for at least 12 months. The statute does not explain which identity theft “prevention” or “mitigation” services are mandated or which are “appropriate.”

Read More

California Attorney General Offers Online and Mobile “Do Not Track” Privacy Policy Recommendations

By: Jonathan D. Jaffe, Jeremy M. McLaughlin

California Attorney General Kamala Harris recently issued guidance to help companies provide more “meaningful” privacy policies. Entitled “Making Your Privacy Practices Public,” the recommendations consolidate previously issued guidance and provide new information regarding online tracking and Do Not Track (DNT) signals. As the guidance document indicates, the recommendations “are not regulations, mandates or legal opinions” and offer greater protections than those required under existing law. Clearly, though, they reflect the attorney general’s preferences and what she believes are privacy best practices. Read More

Circuit Court Declares Bank’s Wire Transfer Security to Be Commercially Unreasonable Under UCC Article 4A

By: Holly K. Towle

In 2010 we reported on the “Wave of Online Banking Fraud Targeting Businesses” that use online banking relationships to make electronic fund transfers by wire or ACH. The fraudsters use malware such as key-loggers to steal access credentials and then start draining the business’ account. In the U.S., the transfers are governed by Article 4A of the Uniform Commercial Code (“UCC”). Consumer accounts are not impacted by Article 4A: they are eligible for the consumer protections afforded by the federal Electronic Funds Transfer Act and Regulation E, which limit a consumer’s exposure to fraudulent transfers to a maximum of $50 as long as the consumer promptly reports the fraudulent activity. Read More

Copyright © 2019, K&L Gates LLP. All Rights Reserved.