Non-Traditional Financial Service Providers - Auto Dealers, Tax Preparers, Payday Lenders, and Others - Beware Consumer Data Protection Law Applies to You

The Gramm-Leach-Bliley Act of 1999 requires financial institutions and businesses that offer consumers financial products or services, like financial or investment advice, or loans, to safeguard sensitive customer data and to notify customers of their information-sharing practices.  The law applies to all businesses, regardless of size, that are significantly engaged in providing financial products or services.  Businesses such as check-cashing establishments, payday lenders, mortgage brokers, nonbank lenders, personal property and real estate appraisers, couriers, credit reporting agencies, check guaranty providers, credit bureaus, and auto dealers that lease and/or provide financing, to name a few.  

A recent event illustrates the effect of the law on non-traditional providers. This year, for the first time, the FTC charged a tax return preparation business with noncompliance with the law. This is significant because the IRS reports that it is receiving reports of tax professional data breaches at the rate of 3-5 per week.  As large financial institutions, like banks and brokerages, have implemented tighter security measures, hackers are turning to smaller businesses, like tax preparers, that have weak or no controls in place.  Hackers mine tax documentation files for Social Security numbers and other personal information.  Often this data is used to fraudulently claim income tax refunds, among other illegal activities. It is not difficult to see how similar problems can befall other non-traditional financial service providers.

The law mandates that financial institutions comply with its financial privacy and safeguard rules.  The privacy rule requires businesses to inform customers about their privacy policies and practices with initial and annual notices; and the safeguard rules require that these businesses have measures in place to adequately secure customer data.

In order to safeguard their clients and avoid costly enforcement proceedings, businesses that provide financial services, such as the ones mentioned above, need to know the rules and take measures to comply with them. 

For more information regarding these rules and how to effect compliance, contact Emerson L. Dorsey, Jr. at 410.752.9723 or via email or any member of the business, corporate, and tax department.

This information has been prepared by Tydings for informational purposes only and does not constitute legal advice.