Fear of fraud is fueling a rush of new state laws intended to protect consumers.

Fear of fraud is fueling a rush of new state laws intended to protect consumers. But in its path, this blazing regulatory fire may torch many financial services providers unable to keep up with all the new requirements.

“There’s 35 different states looking at privacy laws and depending on what information [lenders are] sending out, in some states that may trigger a violation of privacy laws,” worries Alfred Connizzo, chief operations officer, LandAmerica Credit Services, Norcross, Ga.

One leading area of lawmaking involves security breach notification, which centers on making lenders responsible for notifying customers when a breach (loss, compromise, theft, etc.) occurs. “It’s important to have a policy in place [explaining] what you’re going to do if there is a breach,” Connizzo counsels.

That responsibility, however, is becoming more difficult as individual states develop their own definitions of “public” versus “private” information.

“There are 35 different laws pending to define what that is,” according to Connizzo. “For some of them, ‘private’ is defined as the last name and any other piece of identifying information. [But] is that [really] private information?” he asks doubtfully. Connizzo is hoping a preemptive federal law will get rid of these changes being made by the states.

In the meantime, data breaches in the last year have exposed the personal information of more than 80 million Americans, according to the Privacy Rights Clearinghouse, a nonprofit organization that follows identity theft.

Among the most celebrated was the May 3 theft of computer disks holding the names, Social Security Numbers and other information of 26.6 million armed forces veterans.

Motivated by these occurrences, 17 states have passed “credit freeze” laws enabling consumers to prevent banks or credit agencies from issuing new accounts in their names. Businesses are opposed to such legislation because retailers, in particular, want to make it easy to buy and are willing to write off identity theft as a cost of doing business.

Focus on high-risk areas

But it is insider hacking that can be the most insidious threat to corporate security, according to Ian Lim, director of enterprise security, New Century Mortgage, Irvine, Calif., who estimates that it can emanate from “the 10 percent of those who can bypass 90 percent of a company’s protection.” Lim said, “You can’t secure everything so focus on high-risk areas. Identify, verify, analyze, prioritize and remediate.”

He elaborated: “Conduct an annual risk assessment in the third quarter of the year. Prioritize risk with your executive management and build remediation plans into departmental budgets.” Lim offered several Web sites to help companies keep up with the “current threat landscape.” Lim says “breaches may come from organized crime, terrorists, hackers and “hacktivists,” the last comprised of people “trying to make a point” in their cyber-thefts.”

One result of all this fraud is a heavier compliance burden for business. Peter Delano, senior analyst, investment management, TowerGroup, Needham, Mass., said the post-Enron/Worldcom climate is fanning the regulator flames when it comes to laws like those aimed at security breaches. “All this regulation … hurts — it hurts a lot, because just as soon as you think you have [one] figured out there are others; there’s no end, it’s ongoing testing, and reporting and monitoring,” Delano complains.

He reports that half of all financial services companies have had a major increase in efforts to meet compliance regulations from 2002 to 2005, and 15 percent of all operating costs are spent on compliance among large firms.

Show Comments Hide Comments


Sign up for Inman’s Morning Headlines
What you need to know to start your day with all the latest industry developments
By submitting your email address, you agree to receive marketing emails from Inman.
Thank you for subscribing to Morning Headlines.
Back to top
Prepare for this fall with top agents & brokers at Connect Now this Tuesday.GET YOUR TICKET×
Limited time: Get 30 days of Inman Select for $5.SUBSCRIBE×
Log in
If you created your account with Google or Facebook
Don't have an account?
Forgot your password?
No Problem

Simply enter the email address you used to create your account and click "Reset Password". You will receive additional instructions via email.

Forgot your username? If so please contact customer support at (510) 658-9252

Password Reset Confirmation

Password Reset Instructions have been sent to

Subscribe to The Weekender
Get the week's leading headlines delivered straight to your inbox.
Top headlines from around the real estate industry. Breaking news as it happens.
15 stories covering tech, special reports, video and opinion.
Unique features from hacker profiles to portal watch and video interviews.
Unique features from hacker profiles to portal watch and video interviews.
It looks like you’re already a Select Member!
To subscribe to exclusive newsletters, visit your email preferences in the account settings.
Up-to-the-minute news and interviews in your inbox, ticket discounts for Inman events and more
1-Step CheckoutPay with a credit card
By continuing, you agree to Inman’s Terms of Use and Privacy Policy.

You will be charged . Your subscription will automatically renew for on . For more details on our payment terms and how to cancel, click here.

Interested in a group subscription?
Finish setting up your subscription