Legal protections for consumer privacy
Fortunately, there exist protections in the law that require financial institutions and companies that have access to consumers’ private financial information to put measures in place to protect their privacy.
The Federal Trade Commission (FTC) describes the Gramm-Leach-Bliley Act as follows: “The Gramm-Leach-Bliley Act requires financial institutions – companies that offer consumers financial products or services like loans, financial or investment advice, or insurance – to explain their information-sharing practices to their customers and to safeguard sensitive data.”
Essentially, the GLBA requires financial companies to provide privacy notices to consumers that explain their information-sharing practices. Consumers, for their part, can choose to “opt-out” and limit some access to their information.
Consumers and customers have the right to opt-out of having their information shared with certain third parties. Companies must provide instructions in their privacy notices of how a person might easily opt out.
Consumers may not opt out in certain situations, such as when:
- A financial institution shares information with outside companies that provide essential services like data processing or servicing accounts
- The disclosure is legally required
- A financial institution shares customer data with outside service providers that market the financial company’s products or services
The law prohibits financial institutions from disclosing customer account numbers whether or not the individual has opted out of sharing their information.
What happens when financial institutions violate consumer privacy laws?
An individual can take legal action against a financial institution that violates his or her privacy. In the past few years there have been several, high-profile data breaches at large corporations that have violated millions of consumers’ privacy.
For example: a consumer is suing Anthem, which is the second largest U.S. health insurance company, after their computer system was hacked last year exposing tens of millions of current and former customers as well as employees. The lawsuit accuses Anthem of failing to properly secure and protect its customers’ personal information which included names, dates of birth and social security numbers, according to an article in Bloomberg News.
Financial institutions and other corporations that have access to sensitive information about consumers owe a duty to take measures to keep that data safe from hackers, and safe from third party, non-affiliated companies without permission.
If you feel like your right to privacy has been violated by a financial institution, we want to hear your story. Please contact Jonathan Nace Paulson & Nace, PLLC to learn more.