On Demand Library
Created in partnership with
What Kind of Companies Need to Worry about Financial Data Privacy?
5:26
Legal Disclaimer 
The information provided in this video does not, and is not intended to, constitute legal advice, instead, all information, content, and materials available on this site are for general informational purposes only. The law changes fast, so information in the video may not constitute the most up-to-date legal or other information. 
Overview of Major Global Privacy Laws
General Privacy Law Principles
What Kinds of Companies Need to Worry About Health Data?
Overview of US Privacy Laws
Who Engages in a Data Breach?
Transcript

00:05
Adam Stofsky
What kinds of companies need to worry about financial data privacy? Is it just banks and credit unions or financial technology companies, or is it broader than that? I mean, everyone, every company. I mean, you're a company, right? You engage in financial transactions, you get credit card numbers, and you have people's financial data. Who needs to worry about this universe of, you know, financial data protection? 


00:29
Sherry Safchuk
That's a great question, Adam. So I would bucket them into three buckets. The first bucket is any company that offers a financial service or a financial product. So a financial service could be, for example, investment services or insurance services, and a product could be a credit card or a loan. So any information that you provide to a company related to obtaining a financial service or product, that's all subject to these financial data loss. Anyone else that is holding this type of information. So even if you're not the one that's offering the financial service or product, but you're helping a financial institution offer these products, that entity will also be subject to these financial data privacy laws. And the laws that apply to them are a bit different. 


01:31
Sherry Safchuk
So it's more of restrictions on how they can use and disclose that information outside of the relationship between that third party and the financial institution. And then the last bucket is anyone that is using or disclosing this non public financial information. You may have companies that are just holding the information, but you also have companies that are actually processing the information or maybe disclosing that information to third parties. Anything kind of touching that non public financial information, which is any type of information provided to obtain a financial service or product, that's all subject to the financial data privacy laws. Then we have another category that I won't get into because it's super complicated, but the consumer reporting side of it, that's also subject to the financial data privacy laws. 


02:32
Sherry Safchuk
And that really applies to consumer reporting agencies and those entities that provide information to the consumer reporting agencies or that receive information from the consumer reporting agencies. 


02:46
Adam Stofsky
Okay, so what about just your regular old business transaction? I sell shoes online, and I just sell them to customers and they transfer me money or pay with a credit card. I use stripe or something. Do me the shoe seller business have to worry about. I know I have to worry about other privacy laws. Do I need to worry about these laws if I'm doing nothing except just taking people's money in exchange for goods and services? 


03:13
Sherry Safchuk
That's a good question. Retailers don't have to worry about these laws because the relationship they have with that information is almost instantaneously. And for the most part, they aren't receiving any non public financial information that's really going through the credit card companies. They're receiving the output from the transaction, which is ultimately funds. 


03:38
Adam Stofsky
What if I'm, like, old school style, have the little credit card, you know, those machines I'm talking about where you have, like, the, you old enough to remember this? I'm old enough to remember anyway. And so I got a pile of, like, people's credit card numbers sitting on my desk in my, like, brick and mortar shoe store. I do have people's financial data. Do I still not count or do I slow? Do I have to worry about it. 


03:59
Sherry Safchuk
Now that information's kept for record retention and not necessarily to process it or to use it further than keeping a record of the transaction for purposes of the credit card. So I think that's a bit on the line, especially because that retailer doesn't have a continuing relationship with that customer. There are other avenues, like rewards cards and all that, but that's kind of outside of the financial data world. 


04:28
Adam Stofsky
I guess that was my next question is, can you give us an example of a non a company that you wouldn't think of conventionally as a financial services company at all that may have to worry about these laws? 


04:41
Sherry Safchuk
So I think entities that think they may be a service provider or helping a financial institution, they may be contractually required to comply with these laws by association. So one of the things I advise clients is take a look at your contracts and requirements are related to data privacy and confidential information. 


05:06
Adam Stofsky
I have a cool new SaaS product I'm going to sell to a lot of banks, my customers. I need to at least be concerned about this. 


05:12
Sherry Safchuk
Yes, yes. Absolutely. 


05:15
Adam Stofsky
Great. That was a great summary about who needs to worry about financial data privacy. Thank you so much, Sherry. 

PDFs
Audio
Share Video
Embed Video
© 2024 Briefly
Terms of Use
Privacy