Agencies

Anti-Money Laundering

Business Continuity & Disaster Recovery

Compliance

Emerging Technology

Governance and Standards

Identity Theft

Leadership Management

Physical Security

Risk Management

Training & Education

Webinar Calendar

Vendor Directory

Content Library

Products

Events

About Us

Resources

Key Federal Privacy Laws Do Not Require Information Resellers to Safeguard All Sensitve Data

Gramm-Leach-Bliley Act (GLBA)
GuidanceGovernment Accountability Office (GAO)Identity Theft
Privacy

Why GAO Did This Study
The growth of information resellers-companies that collect and resell publicly available and private information on individuals-has raised privacy and security concerns about this industry. These companies collectively maintain large amounts of detailed personal information on nearly all American consumers, and some have experienced security breaches in recent years.

GAO was asked to examine (1) financial institutions' use of resellers; (2) federal privacy and security laws applicable to resellers; (3) federal regulators' oversight of resellers; and (4) regulators' oversight of financial institution compliance with privacy and data security laws. To address these objectives, GAO analyzed documents and interviewed representatives from 10 information resellers, 14 financial institutions, 11 regulators, industry and consumer groups, and others.

> Read entire regulation (log in required - registration is free)