CitiGroup Data Loss & More State Disclosure Laws
It looks like at least two more states have passed legislation to punish companies that fail to disclose when they lose control over their customers' financial and personal information.
Last week, I wrote about several states that recently enacted laws that force companies to reveal unauthorized access to consumer personal information, such as the theft or loss of data through a digital break-in, or even if the company just happens to lose or misplace the data.
The Minnesota legislature passed such a bill on May 23. And on June 3, lawmakers in Nevada sent a similar bill to the governor. No word yet on whether the governors in those two states are planning to approve the measures, but if the Information Technology Association of America had its way, the bills would be vetoed.
More states may decide to jump on the disclosure bandwagon as more companies report data losses. Case in point is CitiFinancial, the consumer finance division of Citigroup Inc., which said today that it has begun notifying some 3.9 million U.S. customers that computer tapes containing information about their accounts -- including Social Security numbers and payment histories -- have been lost, according to this piece from the Associated Press. Citigroup said the tapes were lost by the courier UPS Inc. in transit to a credit bureau, the AP reported.
Most of the data privacy legislation being debated in the states would govern the activities of public and privately-held companies. Banks and financial institutions are some of the most heavily-regulated companies in the nation, and most are already subject to data-breach notification statutes as laid out in the Gramm-Leach-Bliley Act of 1999. The open question is whether Congress will jump in and preempt the states with a national data privacy law, an issue addressed in my piece last week.
Posted by: Karen | June 6, 2005 7:47 PM | Report abuse
Posted by: Lorraine | June 7, 2005 12:20 PM | Report abuse
Posted by: Lali | June 7, 2005 3:24 PM | Report abuse
Posted by: Gloria | June 10, 2005 8:30 PM | Report abuse
Posted by: Greg | June 18, 2005 11:16 AM | Report abuse
Posted by: Stephen | June 19, 2005 2:31 PM | Report abuse
The comments to this entry are closed.