Slashdot Mirror
If a Financial Institution Mishandles My Data, What Recourse Do I Have?
grahamsaa writes: My sister recently consolidated her student loans, and the bank e-mailed the paperwork, which included her name, address, date of birth, social security number, drivers license number and bank account information to the wrong e-mail address. The address (a gmail address) is associated with a real person (not her), so someone now has all of her personal details. My sister claims that she read her e-mail address to the bank representative over the phone twice, but that it was transcribed incorrectly.
The real issue is that the bank was willing to use unencrypted e-mail at all to send sensitive information, and I told my sister that at a minimum the bank should cover electronic credit monitoring for her for a minimum of a year, but I feel like that alone probably isn't enough. While my sister should have insisted that they use a more secure means of sending this information, I think it should be the bank's responsibility to ensure that this kind of thing doesn't happen. What kind of recourse does a person in my sister's position have? Did the bank violate any laws (she lives in Connecticut in the United States)? Is there a standard penalty for this kind of thing? I'm not a lawyer, but I know some of you are. What are her options in this case?
The real issue is that the bank was willing to use unencrypted e-mail at all to send sensitive information, and I told my sister that at a minimum the bank should cover electronic credit monitoring for her for a minimum of a year, but I feel like that alone probably isn't enough. While my sister should have insisted that they use a more secure means of sending this information, I think it should be the bank's responsibility to ensure that this kind of thing doesn't happen. What kind of recourse does a person in my sister's position have? Did the bank violate any laws (she lives in Connecticut in the United States)? Is there a standard penalty for this kind of thing? I'm not a lawyer, but I know some of you are. What are her options in this case?
CFPB has regulations against sending such info in plain emails. Bank can get seriously fined.
If they are a lawyer, they're definitely lying.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Comment removed based on user account deletion
I too have this gmail phenomenon. There are some instances where I have received e-mails from multiple sources, all to the same 'other me' (A little more ambiguous in my case as it's first initial then surname).
Some people just assume they have this e-mail.
And in true spirit of 'there's an XKCD of this', this one was always pretty relevant for me lol... http://xkcd.com/1279/