00:05
Adam Stofsky
Hey, Sherry, how are you today?
00:06
Sherry Safchuk
Hi, Adam. How are you? Thank you for having me.
00:09
Adam Stofsky
Yeah, good. So I'm here with Sherry to talk about the kind of complicated topic of financial data privacy, something I'll confess I don't know a whole lot about. It's kind of confusing. So Sherry's here to straighten us all out. So, Sherry, can you just give us a bird's-eye view, sort of overview of what are the laws that govern the way companies need to handle financial data? Just give us the overview.
00:36
Sherry Safchuk
Today we're going to focus more on the US because there are international laws that apply to financial data, and that's a whole episode in and of itself. There are a couple layers of financial information privacy laws that apply to financial information. So the first layer is federal laws. And under the federal law umbrella, you have the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act. The Gramm-Leach-Bliley Act is a law that governs what is called nonpublic personal information, which is any information that you provide to a financial institution to get a financial product or service. So what this law does is it provides financial institutions with several requirements to give customers notice of the information that's going to be shared and an opportunity to opt out. The Gramm-Leach-Bliley Act is really focused on nonaffiliated sharing.
01:34
Sherry Safchuk
Nonaffiliated sharing means sharing with third parties that have no relationship to you. And then you have the Fair Credit Reporting Act. The Fair Credit Reporting Act governs two things. It governs credit reports that we all know when we go and get a financial product and service. And it has significant requirements to what is known as a consumer reporting agency, your big three data agencies that everyone's aware of. And then you have some smaller consumer reporting agencies. The Fair Credit Reporting Act also governs sharing with affiliates. So sharing within your family of companies. And that is very limited sharing and relates to financial information, specifically anything from consumer reports to information you provide to a lender or a credit card holder in an application. So those are the two laws that really govern financial information at the federal level.
02:32
Sherry Safchuk
Then you have laws at the state level that apply to financial information. So you have, historically, a California law and a Vermont law that's very similar to the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, but they're a little bit more restrictive. So for California and Vermont, you folks have to opt in to get these marketings. You have to actually ask for the marketings, which doesn't really happen often. There are also disclosure requirements that apply to these laws. And just because we have federal laws doesn't mean that these laws don't apply. They, in fact, do apply, and some of the federal laws call them out as applying. So that's one area to really focus on, especially California is one of the largest economies, so it's high focus.
03:24
Sherry Safchuk
And then the last law that applies to financial information is the California Consumer Privacy Act law. And that, while it has an exemption for this financial information that we've just discussed, because this financial information is governed by the Gramm-Leach-Bliley Act and the Fair Credit Reporting Act, there is still a bucket of information that financial institutions may collect that has nothing to do with financial information and products. And that bucket of information, usually in the marketing space, is where you'll see this information. That type of information is covered by the California Consumer Privacy Act. And there you have notice requirements, opt-out requirements, and a whole layer of additional requirements that would apply to the non-financial information that a financial institution may have.
04:20
Adam Stofsky
So this is the CCPA, right? So this is a general data protection law. So this is things like all of a bank's customers' names and addresses and maybe other jobs or things like that are not financial in nature. Those are not covered by the GLBA, but are covered by the CCPA.
04:40
Sherry Safchuk
So those are covered by the GLBA. What's not covered by the GLBA is any information they obtain that's not related to a financial product or service. Any information they receive on, like, a Contact Us page, any information that they may buy from a lead generator, for example, a list of names, for example, any of their employee information or information on their vendors or commercial space. That's all covered by the CCPA. And outside of the GLBA, the Gramm-Leach-Bliley Act. So the California law is called the California Financial Information Privacy Act, or CalFIPA. And then the Vermont law is just the Vermont privacy law. It doesn't have... I'm not aware of an acronym.
05:27
Adam Stofsky
All right. Wow. So this is, I'm not gonna say this isn't a lot, but let's just quickly recap. So we have federal laws that apply to the whole country, and they're the GLBA, the Gramm-Leach-Bliley Act, and the Fair Credit Reporting Act. Do you call it the FCRA?
05:42
Sherry Safchuk
FCRA, yeah.
05:44
Adam Stofsky
Then you got these Vermont and California laws, which are also specific to financial data, but have slightly more restrictive requirements. So a lot of companies have to follow them. All right, Sherry, thanks so much.