| Ever wonder if banks are required to tell | | | | containing information |
| customers when | | | | |
| | | | for over 1 million government employees and |
| their systems are hacked? You may be shocked | | | | the breach of |
| to learn that | | | | |
| | | | databases for LexisNexis and ChoicePoint. It |
| they are not. The only exception to this | | | | is well known |
| standard has been | | | | |
| | | | that numerous other banks have also been |
| database hacks that effect California | | | | hacked over the |
| residents. Companies | | | | |
| | | | years, but the information has been hushed |
| doing business in California are required to | | | | up.The new regulations require financial |
| give such | | | | institutions to notify |
| | | | |
| notice under the California Security Breach | | | | account holders if the institution becomes |
| Information Act. | | | | aware of |
| | | | |
| The situation is changing quickly on the | | | | unauthorized access to sensitive customer |
| federal level.Regulations have been issued by | | | | information. The |
| federal finance agencies | | | | |
| | | | directives apply to banks and savings and |
| that now force banks to tell customers when | | | | loan companies, |
| their personal | | | | |
| | | | but not credit unions.There are two serious |
| data has been exposed to unauthorized third | | | | loopholes in the regulations. First, a |
| parties. The | | | | |
| | | | financial institution that discovers a |
| regulations are issued pursuant to the | | | | database breach must |
| Gramm-Leach-Bliley | | | | |
| | | | only notify account holders if it is |
| Act, which contains language requiring | | | | "reasonably possible" |
| financial | | | | |
| | | | that personal details will be misused. |
| institutions to prevent unauthorized access | | | | Second, the |
| and use of | | | | |
| | | | regulations only apply to personal data, not |
| consumer information.The new regulations | | | | business or |
| appear to be a reaction to several | | | | |
| | | | commercial accounts.While these new |
| recent high-profile data leaks. They include | | | | regulations are a positive step, one could |
| incidents such | | | | |
| | | | drive a truck through the two loopholes. |
| as Bank of America losing data tapes | | | | |