« 21-Day Issue - A Skip Solution? | Main | HOEPA Wins; Fair Lending; Freebie/Shameless Plug »

August 13, 2009


Jason Clarke

Hi Steve. Thanks for the cool resource on privacy laws! I have a question about that...does a credit union have to follow the privacy laws of the state in which they are headquartered or the state in which the affected members live?

Steve Van Beek

Jason, it will probably depend on the language of the law itself. The state law would indicate whom it covers - which would most likely be the residents of that state. For example, Missouri residents (consumer is defined as a "an individual who is a resident of this state" [Missouri]) would be covered by Missouri's data breach law - even if they conduct business with a credit union in another state.

Jason Clarke

So in the event of any kind of data breach we will have to look to the state laws for any state in which we have members, because there is the potential for different standards and thresholds for reporting.

The comments to this entry are closed.

Enter your email address:

Delivered by FeedBurner