Laws Influencing Information Security and Privacy in the Financial Sector

School: Meru University College of Science and Technology (MUCST)
Course: 238
Subject: Information Systems
Date: Nov 24, 2024
Uploaded by kipketervictor40

Abstract

The financial sector is one of the primary targets for cybercriminals due to the sensitive information and substantial monetary funds at stake. As technology evolves, the laws governing information security and privacy in the financial sector must also keep pace. This research paper focuses on the laws that influence information security and privacy in the financial industry, specifically on an American financial institution, Citigroup. This paper discusses the organization, its business operations, scope, and areas of vulnerability. Additionally, it analyzes one law that influences compliance in the financial sector, the Gramm-Leach-Bliley Act (GLBA), including legal cases and critiques. It also examines Citigroup's intellectual property rights, trade secret protection, and risks related to criminal and tort laws. Finally, this paper discusses a case of a cyber attack on a financial institution and the subsequent forensic investigation. The report concludes with an overall assessment of how the legal system affects an organization in the financial sector, with recommendations for improving information security and privacy.

Introduction

Citibank, also known as Citigroup, is an American multinational financial institution whose origins date back to 1812. It is a large, diversified financial services company that operates in over 160 countries and serves over 200 million customer accounts (Mike et al., 2022). Its primary business operations include consumer banking, corporate and investment banking, credit cards, and wealth management. Citigroup's revenue for 2020 was $74.3 billion, with a net income of $11.4 billion. It employs over 204,000 people globally and has total assets of $1.992 trillion as of 2020. Citigroup is a systemically important financial institution regulated by multiple federal and state agencies, including the Federal Reserve, the Office of the Comptroller of the Currency, and the Consumer Financial Protection Bureau.

The Gramm-Leach-Bliley Act

The Gramm-Leach-Bliley Act (GLBA) was passed in 1999 to modernize the financial industry and protect the privacy and security of consumers' personal information (Barth & Zhang, 2022). The act responded to the rapid growth of technology and the increasing internet use for financial transactions (Alharasis et al., 2023). The GLBA consists of three main parts, each addressing a specific aspect of consumer privacy and security.

The first part of the GLBA is the Privacy Rule, which requires financial institutions to inform their customers about their policies and practices regarding collecting and sharing personal information (Barth & Zhang, 2022). This includes details on what information is collected, how it is used, and with whom it is shared. Financial institutions must also allow their customers to opt out of sharing their information with third parties. The Privacy Rule aims to give consumers greater control over their data and ensure they know how it is used.

The second part of the GLBA is the Safeguards Rule, which mandates financial institutions to develop and implement a comprehensive security program to protect consumers' sensitive information. This includes measures such as employee training, encryption, and secure storage of data (Mireles & Hobaugh Jr, 2022). The Safeguards Rule ensures that financial institutions have adequate measures to prevent unauthorized access to consumers' personal information, thus reducing the risk of identity theft and fraud.

The third and final part of the GLBA is the Pretexting provisions, which aim to protect consumers from fraudulent access to their personal information. Pretexting occurs when an individual or entity uses pretenses to obtain someone else's personal information (Miller, 2023). The GLBA makes it illegal for anyone to get or attempt to obtain personal information from a financial institution through pretenses, such as posing as a customer or employee. The Pretexting provisions protect consumers from criminal activity and maintain their privacy.

The GLBA has played a vital role in protecting consumers' personal information and promoting transparency in the financial industry. However, the act does have its limitations, as it only applies to financial institutions and not all businesses that handle personal information (Miller, 2023). This means that information shared with retailers, utility companies, and other non-financial institutions is not protected under the GLBA.

In recent years, there have been calls for the GLBA to be updated to reflect the changing landscape of technology and the increasing threat of cyber attacks. Some have also argued that the act should cover all businesses, not just financial institutions, to protect consumers' personal information (Burkhart, 2023). In response, the Federal Trade Commission (FTC) has proposed amendments to the Safeguards Rule to align with the evolving cybersecurity landscape and to require financial institutions to implement more robust security measures.

In conclusion, the Gramm-Leach-Bliley Act is an essential piece of legislation regulating financial institutions' handling of consumers' personal information (Burkhart, 2023). Its Privacy Rule, Safeguards Rule, and Pretexting provisions work together to protect consumers' privacy and prevent fraudulent access to personal information. While there have been calls for the GLBA to be updated, it remains a critical tool in protecting consumers' sensitive information and promoting transparency in the financial industry.

Legal Cases and Critiques of the GLBA

There have been several legal cases based on the GLBA since its enactment. For instance, the Federal Trade Commission (FTC) has brought over 50 GLBA enforcement actions against various financial institutions for violations of the Privacy Rule and the Safeguards Rule. In 2006, the FTC filed a complaint against Citigroup for allegedly violating the GLBA by not adequately protecting its customers' personal information (Schooner, 2022). The FTC alleged that Citigroup failed to implement and maintain adequate safeguards to protect its customers' personal and financial information, leading to a massive data breach affecting over 3.9 million customers. The case was eventually settled, with Citigroup agreeing to implement a comprehensive information security program and undergo regular independent audits for 20 years.

Despite the FTC's efforts to enforce the GLBA, many critics argue that the law lacks teeth and needs to be updated to keep pace with new technologies and threats. One of the main critiques of the GLBA is that it does not apply to non-financial companies that handle sensitive financial information, such as credit reporting agencies and retailers (Schooner, 2022). The Equifax data breach highlighted this loophole in 2017, where sensitive financial information of over
143 million customers was compromised. Additionally, the GLBA does not have a private right of action, meaning individuals cannot sue financial institutions for violating the law. This has been criticized by privacy advocates, who argue that individuals should have the right to hold companies accountable for negligently safeguarding their personal information.

Intellectual Property Rights and Trade Secret Protection

Citigroup has a significant presence in the intellectual property (IP) world. It has been issued thousands of patents and trademarks by the U.S. Patent and Trademark Office, mainly for its financial services, products, and technologies. These include patents related to its online banking and mobile banking applications (Guernsey et al., 2022). Given the competitive nature of the financial industry, Citigroup has a vested interest in protecting its trade secrets, such as customer information, confidential business processes, and new product developments. It uses various means to safeguard its trade secrets, including nondisclosure agreements with employees and outside parties, physical and technical security measures, and employee training.

Criminal and Tort Risks

Citigroup faces various criminal and tort risks, including money laundering, fraud, cyber-attacks, and data breaches. In 2012, Citigroup fell victim to a massive cyber-attack that compromised the personal information of 360,000 customers. The attackers gained access to customers' names, account numbers, and contact information, but no financial data was compromised. The incident was a significant embarrassment for Citigroup and highlighted the vulnerability of financial institutions to cyber-attacks (Guernsey et al., 2022). In addition to cyber-attacks, Citigroup has faced numerous lawsuits and legal actions related to allegations of fraud, manipulation of financial markets, and violating consumer protection laws.

Forensic Investigation in the Financial Sector

In 2014, JPMorgan Chase, another major financial institution, was hit by a cyber-attack that compromised the personal information of 76 million households and 7 million small businesses. The incident highlighted the importance of conducting forensic investigations in the financial sector. Forensic analysis involves collecting and analyzing digital evidence to determine the extent of a cyber incident and the appropriate response. In the case of JPMorgan Chase, the forensic examination revealed that the attackers gained access to the company's systems through a compromised employee's credentials (Syaufi et al., 2023). As a result, JPMorgan Chase invested in enhanced security measures and improved employee training to prevent similar incidents in the future.

Assessment of the Legal System

The legal system, particularly laws related to compliance, IT, criminal, and torts, significantly impacts financial institutions like Citigroup. Compliance laws such as the GLBA aim to protect consumers' personal information, but they often fall short due to loopholes and lack of enforcement. Protecting trade secrets is also crucial for financial institutions, given their highly competitive nature, and the legal system provides adequate support through patents, trademarks, and trade secret protection laws. At the same time, criminal and tort laws keep institutions like Citigroup in check and provide recourse for victims of fraud and data breaches.

However, the legal system's pace is often slow, and the damage has already been done by the time a case is resolved (Bello et al., 2022). This is particularly true for cyber-attacks, which are evolving rapidly, and the legal system struggles to keep up. Forensic investigations are crucial for financial institutions to identify and respond to cyber-attacks and other incidents (Bello et al., 2022). However, they can be time-consuming and expensive, a significant challenge for organizations operating in a highly competitive and volatile industry like finance.

As an information security and privacy risk consultant, I recommend that Citigroup and other financial institutions regularly review and update their information security policies and procedures to comply with the evolving legal landscape. This includes investing in advanced security measures, conducting regular risk assessments, and training employees on data security. Additionally, collaboration between financial
institutions and the legal system is crucial to developing effective laws and regulations that protect consumers' data while keeping up with emerging threats.

Conclusion

Financial institutions like Citigroup operate in a complex regulatory environment, facing numerous risks and challenges related to compliance, IT, criminal, and tort laws. While the legal system provides adequate support for protecting consumers' personal information and safeguarding trade secrets, there is still room for improvement to keep pace with emerging technologies and threats (Alharasis et al., 2023). Financial institutions must prioritize information security and privacy and collaborate with the legal system to develop effective strategies for protecting sensitive information and responding to incidents.

References

Alharasis, E. E., Haddad, H., Alhadab, M., Shehadeh, M., & Hasan, E. F. (2023). Integrating forensic accounting in education and practices to detect and prevent fraud and misstatement: case study of Jordanian public sector. Journal of Financial Reporting and Accounting.

Barth, J. R., & Zhang, S. (2022). Gramm-Leach-Bliley Act: Creating a New Bank for a New Millennium. Springer Books, 529-540.

Bello, A. M., Mohammed, A., & Javan, H. (2022). Effects of forensic audit on fraud detection in the Nigerian banking sector. African Journal of Management and Business Research, 4(1), 10-18.

Burkhart, R. E. (2023). Dataset for "A Fractured Electorate?: French Presidential Election Forecasting for 2022".

Guernsey, S., John, K., & Litov, L. P. (2022). Actively keeping secrets from creditors: Evidence from the uniform trade secrets act. Journal of Financial and Quantitative Analysis, 57(7), 2516-2558.

Mike, M. E. E., Okpe, J. U., & Abu, S. O. (2022). Forensic Accounting Investigation Techniques and Financial Crimes Reduction in Nigerian Public Sector: A Case Study of Anti-Graft Agencies (Efcc, Icpc and Ccb) in Nigeria. Archives of Business Research, 10(8).

Miller, N. (2023). The Great Recession: economic black magic II. In Economic Myths and Magic (pp. 111-118). Edward Elgar Publishing.

Mireles, M. S., & Hobaugh Jr, J. (2022). Cybersecurity Law. West Academic Publishing.

Schooner, H. M. (2022). The Role of Rival Litigation in Wilmarth's New Glass-Steagall. U. Colo. L. Rev., 93, 961.

Syaufi, A., Zahra, A. F., & Gholi, F. M. I. (2023). Employing Forensic Techniques in Proving and Prosecuting Cross-border Cyber-financial Crimes. International Journal of Cyber Criminology, 17(1), 85-101.