The Expert's View with Trevor Hughes

State of Privacy in Financial Services

The intersection of data privacy and the financial services sector is one of the most interesting in the marketplace, and I very much look forward to discussing the topic. Let's start by exploring the issues currently in play.


It is impossible to discuss the topic of data privacy in the financial services sector without mentioning the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act, which not only emboldened the U.S. Securities and Exchange Commission with new enforcement powers, but also created an entirely new agency - the Consumer Financial Protection Bureau (CFPB), which is empowered to regulate data privacy matters for non-depository financial institutions. Many in the industry are struggling to prepare for the mandates soon to emerge from the CFPB. Uncertainty abounds when it comes to the agency's anticipated effects. Although those in the field understand very well that the CFPB will have an enormous impact on privacy policy-making responsibilities, questions remain about what the agency will actually do. What policies will it set, and how will it intersect with other government agencies?

Broad-based legislation?

One great pastime of those working in the data privacy arena is predicting the potential of a broad-based privacy bill passing in the U.S. Congress. Depending on the year and the media coverage, predictions can run from "zero-chance" to "absolutely certain," even across varying political cycles.

This year is no different. Multiple bills have been introduced by prominent members of congress, and they are making their way through the legislative process.

If the frequency and intensity of hearings on The Hill is any indication of the likelihood of a broad-based bill passing, it would seem we are on track for one; 2011 has been one of the most active years for privacy in the past decade. The House Energy and Commerce Committee, Senate Commerce Committee, Senate Banking Committee, Federal Communications Commission Wireless Bureau and the new Senate Judiciary Subcommittee on Privacy, Technology and the Law, among others, all have hosted hearings - in some cases multiple hearings - that have focused on data privacy or touched on it in some way.

We expect these high-level discussions to continue, and we will be listening closely as the dialogue deepens and the leaders in this new public policy race begin to emerge.


Enforcement - the teeth of data privacy - traditionally has had a profound effect on marketplace practices. As a result, we're seeing enforcers such as the Federal Trade Commission, Securities and Exchange Commission, state attorneys general, stepping up activity in this area and calling out those companies that step afoul of privacy laws. Earlier this year, FINRA levied a $600,000 fine on a financial securities firm for failing to protect consumer information. In April, the SEC fined three individuals for violations of the Privacy Rule and Safeguards Rule of Regulation S-P. The FTC dropped a $1.8 million fine on Teletrack Inc. in June for FCRA violations. And Indiana's attorney general hit a state insurer with a $100,000 levy in July for delaying notification of a data breach. But there's more to enforcement than just agency actions. The class-action bar has gained traction in the past year, beginning to find success in bringing privacy claims against organizations. Certainly, these developments are to be ignored at one's own peril. The stage is set for a fascinating explosion of privacy issues and their resulting affect on the financial services sector and the greater marketplace in the months and years to come. I look forward to sharing future insight on this most exciting and heated data privacy landscape.

Trevor Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as Executive Director of the IAPP, Hughes leads the world's largest association of privacy professionals.

About the Author

Trevor Hughes

Trevor Hughes

CEO & President, International Association of Privacy Professionals

Hughes is an attorney specializing in e-commerce, privacy and technology law. In his role as executive director of the IAPP, Hughes leads the world's largest association of privacy professionals. He has testified before the U.S. Congress Commerce Committee, the U.S. Senate Commerce Committee, the U.S. Federal Trade Commission and the EU Parliament on issues of privacy and data protection, spam prevention and privacy-sensitive technologies.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.