Compliance regulations, including those targeting the finance industry, are in place to protect sensitive personal information, right? Apparently some people at the giant “mega banks” didn’t get the memo. I once completed a real estate transaction and got to see first-hand how the Gramm-Leach-Bliley Act, PCI DSS and even state breach notification laws are completely and utterly ignored in the real world.
I saw firsthand unbelievably sloppy handling of Social Security Numbers and similarly sensitive information via PDF files, emails and the like. I was expecting to see such behavior and was doubly intrigued (but not surprised) when I saw the under-protected smartphones and unencrypted laptops processing and storing all of this information. Another funny bit: We were even sent the financial history of the opposite party via a cc’d email. Nice.
I found it interesting that the giant banks are so careless. After all, they have such great visibility in the financial compliance regulation arena, not to mention those glossy marketing pamphlets promising us that they value our personal information and vowing to keep it protected. Talk is cheap indeed.
I’m not picking on just the giant monster mega banks. I dealt with a small community bank as well, and when I asked the lender some basic questions about her computer’s security and the bank’s data management processes, she looked at me like I was crazy. It was as if I didn’t need to know that kind of stuff.
Sure, financial compliance regulations are a means for government and industry bodies to fall back and enact sanctions when people don’t obey the rules. In reality, they’re often for show and not much else. It’s easy for “corporate” to enact their policies and wow their auditors and regulators. But when the rubber meets the road at the local level, it’s quite a different story. I’ve seen it in my security assessment work, but my experience provided deeper insight into banking and the financial industry as a whole — not to mention this grand façade we call “compliance.”
It reminds me of the saying “when seconds count, the police are just minutes away.” Relying on regulations to keep our personal information in check is short-sighted. You have to look out for yourself because someone along the chain of custody at these financial institutions, whether intentional or not, will no doubt be careless in their actions.
Keep all of this in mind the next time you buy or sell a home or give out tons of personal information to a business in the financial industry. Perhaps the time’s ripe to freeze your credit if you haven’t done so. Many people aren’t aware of it, but freezes are one of the cheapest and most foolproof means of protecting your credit. It won’t keep people from accessing your private information, but at least the criminals won’t be able to get credit in your name — which can be a real mess to get out of. Home buyer beware.