Treasury Report on Financial System Recommends Changes Involving Privacy
The U.S. Department of the Treasury issued a July 2018 report under Executive Order 13772 to President Donald J. Trump on A Financial System That Creates Economic Innovation. Among its recommendations on innovation for nonbank financials and FinTech were three that implicate the privacy of Americans:
– A federal data breach notification law that preempts state laws.
– A nationwide digital identity system spanning public and private entities.
– Regulation of data sharing to allow innovation between financial institutions and FinTech.
Privacy was not a stated reason for the report, but it will continue to be an issue that interacts with efforts to facilitate economic growth for some time to come. The fact that it was discussed in the report shows what a central issue privacy has become in the United States this year.
Data Breach Law
The report notes that only 13 states have data security standards protecting financial data, and that variations in state breach notification laws make compliance difficult. Instead, Treasury recommends that Congress enact a federal data security and breach notification law to protect consumer financial data and notify consumers of a breach in a timely manner. Such a law would:
– Protect consumer financial data;
– Ensure technology-neutral and scalable standards based on the entity’s size and activities; and
– Preempt state laws.
Digital Identity System
Treasury supports the adoption of a U.S. government digital identity system and the creation of a public-private partnership to implement it across the economy. According to the report, a nationwide digital identity system could reduce the risk from repeated exposure of Personally Identifiable Information (PII). Ultimately, it could strengthen the global economy by improving trustworthiness, security, privacy and convenience. To facilitate it, Treasury suggests leveraging the NIST guidelines and the REAL ID Act driver’s license regime.
Issues in FinTech Aggregation of Data
Treasury recommended changes in the interaction between consumers, their financial institutions and third-party data aggregators and FinTech applications acting on behalf of consumers. There has been a lot of innovation to allow a consumer access to their data in a useful format, but there remain issues that could benefit from regulation. For example, the report notes that the industry currently uses screen scraping with login credentials, posing cybersecurity and fraud risks. Treasury also suggested the development of consumer disclosures for the industry and a requirement to permit consumers to revoke their consent for access to their financial accounts and transaction data.
Implications for Privacy Regulation
There are going to be a lot of different ideas for the regulation of privacy as Congress begins to debate the language that should be signed into law. Many of the privacy bills in Congress so far have taken a comprehensive approach similar to the European Union’s General Data Protection Regulation (GDPR). However, there remain a lot of specific problems that may need to be addressed in individual industries. This would complicate the process of getting legislation adopted, but working through these issues during a comprehensive overhaul of privacy protections may ultimately result in a stronger bill and one that is better tailored to the individual problems of industry.