Considering the European Union’s status as a bastion of privacy in the digital age, it may come as a surprise that the EU currently prescribes no breach notification requirements (BNR) for financial institutions. The explanation for this conspicuous lacuna derives partly from an accident of history and partly from the same political forces that have…
Author: James C. Robinson
The Ongoing Debate Over Federal Preemption in Breach Notification Requirements for Financial Institutions
Financial institutions operating in the United States face two sets of breach notification requirements (BNR): one established by the Gramm-Leach-Bliley Act (GLBA), and the other by state law. Currently, the GLBA sets a minimum BNR, allowing states to develop higher standards.1 For example, while under the GLBA an institution is only responsible for notifying…