Network News

X My Profile
View More Activity

CitiGroup Data Loss & More State Disclosure Laws

It looks like at least two more states have passed legislation to punish companies that fail to disclose when they lose control over their customers' financial and personal information.

Last week, I wrote about several states that recently enacted laws that force companies to reveal unauthorized access to consumer personal information, such as the theft or loss of data through a digital break-in, or even if the company just happens to lose or misplace the data.

The Minnesota legislature passed such a bill on May 23. And on June 3, lawmakers in Nevada sent a similar bill to the governor. No word yet on whether the governors in those two states are planning to approve the measures, but if the Information Technology Association of America had its way, the bills would be vetoed.

More states may decide to jump on the disclosure bandwagon as more companies report data losses. Case in point is CitiFinancial, the consumer finance division of Citigroup Inc., which said today that it has begun notifying some 3.9 million U.S. customers that computer tapes containing information about their accounts -- including Social Security numbers and payment histories -- have been lost, according to this piece from the Associated Press. Citigroup said the tapes were lost by the courier UPS Inc. in transit to a credit bureau, the AP reported.

Most of the data privacy legislation being debated in the states would govern the activities of public and privately-held companies. Banks and financial institutions are some of the most heavily-regulated companies in the nation, and most are already subject to data-breach notification statutes as laid out in the Gramm-Leach-Bliley Act of 1999. The open question is whether Congress will jump in and preempt the states with a national data privacy law, an issue addressed in my piece last week.

By Brian Krebs  |  June 6, 2005; 4:10 PM ET
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Before You Get Rid of that Hard Drive...
Next: Progress in the Fight Against Phishing?


My credit cards are with Citi and I am upset but I realize that Citi will be forced to reimburse me for anything that is done as a result of their negligence so I am going to remain calm.


Posted by: Karen | June 6, 2005 7:47 PM | Report abuse

Laws to DISCLOSE? How about some laws with some sort of judgement? They are intrusted with this information. Information that nowadays is crucial to personal and financial well-being!

Posted by: Lorraine | June 7, 2005 12:20 PM | Report abuse

What about UPS Inc.? Is it not responsible as well for the loss of such important cargo? We are supposed to trust on the competence of a postal service...

Posted by: Lali | June 7, 2005 3:24 PM | Report abuse

I am furious that Citi can be so nonchalant about this. 90 days of credit monitoring is an insult to my intelligence. The person who has the data has surely read all about it in the news and will wait till the coast is clear. I will have to worry about identity theft for years to come because of this. They owe me a whole lot more than 90 days.

Posted by: Gloria | June 10, 2005 8:30 PM | Report abuse

My Citi loan was paid off last year -- no relevant information to report. Why in the #$5#@!! are they exposing my critical data??? There should be class action suits for putting consumers at such risk and anguish, only now we have arbitration instead. I guess that change took out due diligence.

Posted by: Greg | June 18, 2005 11:16 AM | Report abuse

Just who uses Mag Tapes any more? Is this a coverup for some internal security flaws?

Posted by: Stephen | June 19, 2005 2:31 PM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company