Identity theft, data loss and other privacy violations are among the leading threats faced by financial institutions. Depending on their nature, they can inflict reputational and brand damage, cause revenue losses and prompt civil liability suits by customers. What's more, regulators are taking an increasingly hard line in these matters. Two new regulatory measures to safeguard investor privacy have far-reaching implications for investment companies, and executives need to take steps to comply.
The first measure, the "Identity Theft Red Flags" rule, was issued by the Federal Trade Commission in November 2007. It has been discussed largely in terms of its impact on banks and credit and debit card issuers.