The Federal Trade Commission’s recently-released report, “Consumer Fraud and Identity Theft Complaint Data,” shows that for the seventh year in a row, identity theft was the number one consumer complaint category. Recent high profile breaches such as the one at TJX Co. – the parent of retailer T.J Maxx – have served to further intensify the public and regulatory scrutiny focused on the issue. This issue of data security will continue to present difficulties for both the creditor and ARM community.
The already fractious regulatory landscape is worsened by the possibility of further legislative change. As businesses continue to grapple with how best to comply with the existing federal regulations laid out in the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and the Fair and Accurate Credit Transaction Act, several bills introduced into the 110th Congress carry the potential to alter data security regulations, including:
- The Federal Agency Data Privacy Protection Act (H.R. 516)
- The Data Accountability and Trust Act (H.R. 958)
- The Data Security Act of 2007 (H.R. 1685)
Whether or not additional legislation will prove more effective at addressing data security concerns is debatable. What is certain is that the issue has yet to be remedied for either the private sector or the federal government, as evidenced by the accidental, unauthorized release of information by the Department of Veterans Affairs in 2006.
As it stands, the risk to reputation associated with a data breach, along with the legal ramifications of noncompliance, have pushed the development of a number of standards, but these same forces have also added to the complexity and costs associated with compliance. Whether these costs become prohibitive should be of concern to the financial services industry.
In sum, data security continues to be a vexing problem for both creditors and the ARM industry, and though no uniform standard exists, the cost and liability associated with compliance should continue to push the discussion of creating such a standard.
For more information, contact us at email@example.com.
Comments are closed.