Consumer Privacy Laws for Lenders

By Michael Dunn, CMB

Lenders have a responsibility to protect consumer data, that is clear. In addition to that oath of protection required by law, lenders must also be transparent with the methods they employ to collect and share private consumer information. The Gramm-Leach-Bliley Act (GLBA) compels financial institutions to disclose their information-sharing practices and to safeguard the sensitive data of consumers. On the state level, California , Colorado and Virginia have more comprehensive consumer privacy laws in addition to the GLBA. The increased reliance on digital platforms for information sharing and advertising - combined with state-specific privacy laws - makes compliance more important than ever.

The California Consumer Privacy Act (CCPA) is a bellwether for other states looking to introduce state-specific consumer privacy legislation. In California, consumers have the right to request that a business disclose every category and piece of personal information that was collected and, if applicable, which information was sold or shared. They may also request that a business delete any personal information from their database. These regulations will become more pertinent as companies digitize their processes, from social media marketing activities and advertising to data collection and everything in between.

As more companies turn to social media as an advertising tool, the risk for data breach increases. The usage of “contact us” pages, direct messages, texts and emails makes consumers vulnerable to having their personal information stolen. Under the CCPA, lenders have a responsibility to inform consumers of the type of personal information to be collected, the length of time that information is retained and for what purposes that information is sold or shared, if applicable. Lenders who advertise and solicit business through social media channels must take extra precautions to safeguard the information that gets submitted. It is therefore essential that lenders monitor online activities which could jeopardize the personal information of consumers.

It is inevitable that more states will introduce legislation to protect consumer privacy. As such, the compliance with these Privacy laws is crucial to the continuing success of the business as well as the safety of consumers. Proper monitoring combined with effective remedial measures will ensure compliance on behalf of the lender. By protecting sensitive data and remaining transparent about the methods of collection and distribution, consumers will be better informed and lenders will remain compliant with the evolving regulations surrounding consumer privacy.