Database Hacks Are Banks Required To Notify You

Ever wonder if banks are required to tell customers when their systems are hacked? You may be shocked to learn that they are not. The only exception to this standard has been database hacks that effect California residents. Companies doing business in California are required to give such notice under the California Security Breach Information Act. The situation is changing quickly on the federal level.Regulations have been issued by federal finance agencies that now force banks to tell customers when their personal data has been exposed to unauthorized third parties. The regulations are issued pursuant to the Gramm-Leach-Bliley Act, which contains language requiring financial institutions to prevent unauthorized access and use of consumer information.

The new regulations appear to be a reaction to several recent high-profile data leaks. They include incidents such as Bank of America losing data tapes containing information for over 1 million government employees and the breach of databases for LexisNexis and ChoicePoint. It is well known that numerous other banks have also been hacked over the years, but the information has been hushed up.The new regulations require financial institutions to notify account holders if the institution becomes aware of unauthorized access to sensitive customer information.

The directives apply to banks and savings and loan companies, but not credit unions.There are two serious loopholes in the regulations. First, a financial institution that discovers a database breach must only notify account holders if it is "reasonably possible" that personal details will be misused.

Second, the regulations only apply to personal data, not business or commercial accounts.While these new regulations are a positive step, one could drive a truck through the two loopholes. Determining whether it is "reasonably possible" that your information will be misused is a vague standard that many financial institutions will use to withhold information.

Put bluntly, the notification regulations are gutless.The best method for keeping an eye on database breaches is to look for stories in the news. Under California law, companies are required to give notice to California residents when breaches occur.

If you see a story about your bank giving notice of a hack to California residents, your personal information may have also been exposed. Hackers do not restrict their attacks to California residents.


Richard Chapo is an attorney with - a law firm providing legal advice to California businesses. This article is for general education purposes and does not address every facet of the subject matter.

Nothing in this article creates an attorney-client relationship.

By: Richard Chapo

Legal Advice

Corporate Records What to Keep - Whether youÂ?ve created a corporation or limited liability company, you must maintain records.

Coverage Under Floridas Lemon Law - If you live in Florida and you've got yourself stuck with what looks to you like a lemon car, you'll want to know about the Florida lemon Law.

Overwhelmed By Student Loan Debt Consider a Consolidate Stu - A consolidate student loan is the perfect solution for people who need help managing their debt.

Business Name How To Pick One From A Legal Perspective - A business name can be a huge factor in the ultimate success or failure of the entity.

Choosing the Best Atlanta Personal Injury Lawyer - If you're in need of a personal injury lawyer, it means that you've already experienced something terrible - either you or your loved one has been hurt.

© Copyright 2024 All rights reserved.
Unauthorized duplication in part or whole strictly prohibited by international copyright law.