Privacy and Data Protection
Related Issues
Last Update:
SIFMA and FINRA Partner To Offer Investors Tips to Protect Financial Information - February 27, 2008
Identity Theft Tips & Resources: Keeping Your Account Secure—Tips for Protecting Your Financial Information - January 2008
SIFMA comment letter sent to the SEC on the Interagency Proposed Rule for Model Privacy Form under the Gramm-Leach-Bliley Act - May 29, 2007
SIFMA Comments to FTC On Issues Relating To Combating Identity Theft In Response To The Federal Identity Theft Task Force's Request For Public Comment - pdf, January 19, 2007
BACKGROUND/HISTORY
Identity Theft - How to Avoid Theft and What to Do if it Happens to You, Investor Education Brochure - 5/8/03
Protection of Privacy in the U.S. Securities Industry
In 1999, Congress addressed the public's growing sense of unease over privacy by passing the most far-ranging and significant privacy protections pertaining to financial and personal data ever enacted. Even so, some state and federal policymakers have argued that the privacy protections contained in the Gramm-Leach-Bliley Act (GLBA) are not adequate, and that information about an individual customer should not be shared with third parties, or, perhaps, even with affiliates without the prior consent of the customer. As a result, Congress and state legislative bodies have considered legislation to allow consumers to: know how information collected about them is used; access whatever information the business holds about them; delete or correct information if it is incomplete or inaccurate, or if it is being used for a purpose to which the consumer has not consented; and, restrict the ability of financial services firms to share customer information between affiliates.
SIA believes that Congress struck the right balance when it adopted GLBA's privacy provisions against the backdrop of extensive pre-existing privacy protections already provided by the Fair Credit Reporting Act (FCRA) and other federal statutes. Through exceptionally broad definitions, GLBA protections apply to virtually all personal information held about the individual consumers of more than 40,000 financial institutions in this country - including less traditional "financial institutions" such as check cashers, information aggregators, and financial software providers. Coupled with protections mandated by FCRA, consumers now must be provided with:
- Notice of the institution's practices regarding information collection, disclosure, and use, which must be clear, conspicuous, and updated each year;
- Opt-out choice regarding the institution's sharing of information with non-affiliated third parties, and in certain instances, with affiliates;
- Security in the form of mandatory policies, procedures, systems, and controls to ensure that personal information remains confidential;
- Protection against inappropriate re-disclosure or re-use of personal information that is shared with third parties; and,
- Enforcement of privacy protections via the full panoply of enforcement powers of financial institutions' regulatory agencies (federal bank regulators, the SEC, state insurance authorities, and the FTC).
In addition to these protections, customers of financial institutions that handle personal health information, i.e., insurance companies, receive the extensive privacy protections of federal and state medical privacy laws. Taken together, SIA believes that this set of provisions forms the most comprehensive set of privacy protections ever implemented in the United States.
The financial services industry has been very successful in forestalling privacy legislation on the state and federal levels. SIA is concerned that without federal legislation that includes a national uniform standard, the industry will be at risk of conducting business under a patchwork quilt of 50 different, more stringent, state standards. Importantly, additional unnecessary restrictions will reduce the efficiency, range of products, and quality of services that customers demand and financial services firms provide.
SIA supports enactment of a national uniform privacy standard for the financial services industry. Any privacy legislation should embody the following guiding principles:
1. Uniform National Privacy Standard
Federal privacy legislation must establish a uniform national privacy standard to prevent customer confusion, permit financial services industry participants to compete on even terms throughout the United States, and avoid the increased costs of compliance with inconsistent state and local privacy regimes.
2. Privacy Notices
Customer privacy notices should be required to clearly inform recipients of key information while minimizing consumer information overload and compliance burdens on financial service providers.
3. Functional Regulation
The appropriate functional regulator as designated under the Gramm-Leach-Bliley Act (GLBA) should enforce privacy regulations for the financial services industry.
4. "Doing Business with Customers" Exceptions
Any privacy legislation should, at a minimum, recognize the importance of maintaining the "doing business with customers" exceptions that exist under the GLBA. Such exceptions permit information sharing that is necessary to prevent fraud, create credit histories, underwrite insurance, engage in risk management practices, securitize loans, outsource functions to agents, and obtain legal advice, among other things.
5. Technology Neutral
Any legislation should recognize both online and offline data collection and allow consumers and financial service providers to benefit from technological advancements in the marketplace.
The following measures relating to financial privacy bills are pending in Congress.
