As the spotlight brightens on the financial services industry’s use of data, Senate Banking, Housing, and Urban Affairs Committee Chairman Mike Crapo (R-ID) and Ranking Member Sherrod Brown (D-OH) officially began their work on the issue with a February 13th press release inviting feedback by March 15 on data privacy, protection, and collection of sensitive information by financial regulators and private companies. The release comes on the heels of the New York Department of Financial Services (DFS) issuing Circular Letter No. 1 to address algorithms and the use of external consumer data and information sources in the underwriting of life insurance. In short, both state and federal financial regulators are now keenly focused on “big data” and consumer privacy and security.
The Senate’s action is broader than the New York DFS and can have a major impact on all financial services companies, not only insurers. That’s because the Senate release focused broadly on the Fair Credit Reporting Act, which was adopted to promote the accuracy of — and access to — information in consumer reports.
The release is a must-read for financial services companies. Here are some of the key takeaways:
The collection and use of personally identifiable information will be a major focus of the Senate Banking Committee this Congress. Notably, this was a joint press release from Chairman Crapo and Ranking Member Brown, indicating a bipartisan interest in this issue.
The release poses five unique questions that ask what can be accomplished through “regulation or legislation or by implementing best practices” to govern the financial services regulators and private industry’s collection, use, and protection of personally identifiable information. This hints at not just a study or guidance from the Banking Committee, but real potential for legislation.
Three of the questions in the release address consumer “control” over consumer financial data, and how it is “used” and “shared,” while the other two questions address disclosure and access to data.
Interestingly, another major privacy law, the federal Gramm-Leach-Bliley Act, which includes provisions that govern privacy notices by financial institutions and related consumer data rights, is not mentioned in the release.
The Committee’s announcement highlights the fact that robust data privacy and security programs are now table stakes in the financial industry. And as we’ve mentioned before, big data and the algorithms that use big data are cool, but they should only be used with care. Let us know if this message starts to get annoying.