August 20, 2013

    Problems implementing GLBA Compliance

    First, the GLBA does not protect consumers. It unfairly places the burden on the individual to protect privacy with an opt-out standard. By placing the burden on the customer to protect their data, GLBA weakens customer power to control their financial information. The agreement's opt-out provisions do not require institutions to provide a standard of protection for their customers regardless of whether they opt-out of the agreement. This provision is based on the assumption that financial companies will share information unless expressly told not to by their customers and if customers neglect to respond, it gives institutions that freedom to disclose customer nonpublic personal information.

    Second, the GLBA notices are confusing and limit the transparency of information practices. GLBA assumes a company will explain a complex set of legal definitions added to numerous exceptions to the law in a way that will allow for an informed choice and in transparent language. There are reservations about a company's desire to do this.

    Moreover, according to recent studies, most privacy and opt-out policies are usually convoluted, confusing, and misleading since they are created by entities whose interests are better served when there is no effective notice. GLBA does little to deal with the lack of transparency in the privacy notices themselves. Typical privacy notices do not include any specific information about how the data is actually used. GLBA notices do inform consumers that their personal information will be shared, but they generally do not inform the individual of who will receive the information or the purposes for which it will be used.

    Third, the GLBA fails to enhance consumers' control over affiliate information sharing. Consumers have no opt-out right against affiliate information sharing. In today's world of mega-mergers, a bank may have over one thousand affiliates, some of which may be completely unrelated to financial services.

    Fourth, financial institutions can evade opt-out requirements by exploiting the exceptions in the GLBA. The service provider/joint marketing exemption allows financial institutions to share information with non-affiliated third parties despite a consumer's opt-out.

    Fifth, the GLBA has weak enforcement and compensation mechanisms. GLBA's enforcement mechanisms are inadequate to assure compliance with even existing weak privacy protections. Enforcement rests solely with federal government agencies, leaving the individual no private right of action.

     

    Martin Horan

    Martin, Sharetru's Founder, brings deep expertise in secure file transfer and IT, driving market niche success through quality IT services.

    Other posts you might be interested in

    View All Posts