Tamara Thompson over at PI News Link pointed out my misunderstanding regarding the regulation of personal information in the financial services industry (see PI News Link: ~ public thoughts on privacy ~), from my post regarding the need for regulation of the flow of personal data (see Credit Information Flow Should Be Regulated). I am not sure which part I am misunderstanding, so I am requesting some iteration.
But first a few points.
I am fully aware of how the core financial services industry (meaning banking, insurance, and securities) polices its constituents, including Patriot Act and Bank Secrecy Act compliance, and internal control policies and procedures required by the Federal Reserve, the Treasury Department, the SEC, the NASD, the CFTC, and various state regulatory bodies. Many of the recent incidents, however (with one exception being the Bank of America theft), did not involve entities regulated by one of those groups, but instead were failures on the part of intermediaries or their customers (see ID theft is inescapable).
The Fair Credit Reporting Act is supposed to address these issues, but § 607 seems a little weak compared to the byzantine NASD Manual, its requirement that every NASD member have entire staffs specifically delegated to knowing and enforcing said manual, developing and enforcing additional policies and procedures which extend and strengthen the aforementioned, and in some cases assuming personal financial and criminal liability for their failure.
I would love to take a look at additional regulations above and beyond 15 U.S.C. § 1681e that address internal controls for these intermediaries, and any other related information which may shed some further light on this issue.
I will change the title of the original post to Credit Information Flow Should Be Further Regulated, if someone can provide me with something of substance other than the few paragraphs of the FCRA.