I. Introduction; the General Rule -
Businesses that straddle the worlds of finance and technology are subject to a regulatory patchwork that is only increasing in complexity as governments take a greater interest in privacy, data security and consumer protection. As these two worlds converge, an increasing number of businesses will become subject to existing regulatory regimes as well as new initiatives from government agencies and industry players. Whether your business deals with individual or institutional customers, you are likely subject to a variety of legal and practical constraints in operating your business.
Data security and privacy standards for companies in the financial sector are generally well-settled, at least in theory. Companies generally must maintain reasonable procedures to protect sensitive information. However, this determination is highly context-specific: whether your security practices are reasonable depends on the nature and size of your business, the types of information you collect or have access to, the data security tools available to you based on your company’s resources, and the particular security risks your business is likely to face. In addition to this general rule, there are a number of statutes that impose specific obligations on certain types of businesses operating in this space.
Originally published in BNA’s Banking Report, 100 BBR 766, 4/23/13.
Please see full publication below for more information.