PCBB
BID Daily Newsletter
February 24, 2020

BID Daily Newsletter

February 24, 2020

Data Privacy Laws - What You Should Know

Summary: Data privacy is a big issue these days that seems to be spreading nationwide. We provide you with some insight to help.
Saving for retirement makes sense, so we remind bankers to tell your employees that 401(k) contribution limits in 2020 allow people to save $19,500/year vs. just $6,500/year in an IRA.
Another thing that makes sense for community financial institutions (CFIs) to monitor closely is data privacy. It is quickly becoming a hot-button topic for social media networks, retailers, and financial institutions (FIs) alike.
Indeed, the issues surrounding who controls consumer data really began to swell a little more than 3Ys ago, with the General Data Protection Regulation (GDPR) in the European Union, which went into effect in May 2018. It set harsh penalties and fines for companies that violated the bounds of consumer data privacy.
This year, CA pushed forward some of the most aggressive consumer privacy laws. FIs that do business in CA will need to comply with the new California Consumer Privacy Act (CCPA). It has been compared to GDPR and it is tough indeed. Even if they don't do business in CA, CFIs across the country must now deal with this issue, as it spreads to other states too.
As of late 2019, consumer data privacy bills were pending in HI, MA, MD, NY and SD - some of which may be more restrictive on companies than CCPA. For example, the New York Privacy Act would apply to all businesses that handle consumer data, whereas the California law only affects businesses with annual revenue of $25mm or more.
Since financial institutions' handling of consumer data is already covered by the Gramm-Leach-Bliley Act (GLBA), time will tell how the enforcement of these new privacy regulations will work alongside those rules and regulations. Given the heightened global emphasis on giving consumers more control of their own information, FIs of all sizes should consider their own approach to collecting, keeping, sharing, using and getting rid of customer data. Here are some things to help with that:
Be careful sharing data. The CCPA offers FIs an exemption on collecting consumer data, which is already covered in the GLBA. But, the CCPA more carefully restricts how any business, even FIs, can share that data with third parties. Consumers can ask exactly what information the institution has, disallow sharing of that data with third parties, and ask companies to delete that information from their records entirely.
Breaches will get more costly. Bankers know that a cyberattack could cost them money, as well as damage their reputation. But, the CCPA allows each affected customer up to $750 per breach that impacts their data. Now is a good time to review your cyber coverage.
Business borrowing will be impacted too. One area that CCPA covers that GLBA does not is personal data related to commercial and business loans. It covers the customers' data related to their business loan services and products, as well as retail lending. So, IT and compliance should wisely vet where they may have exposure to this data to protect the CFI.