{"title":"Reconciling Competing Data Security Standards Applicable to Data Held by Retail Banks Operating in California in Light of Van Buren and TransUnion","authors":"Michael R. Sneberger","doi":"10.54648/gplr2021023","DOIUrl":null,"url":null,"abstract":"When operating in California, retail banks face competing, seemingly inconsistent, federal, state, and industry data security standards. The article describes what regulations prescribe data security standards for banks operating in California. It analyses private rights of action available in the event of a data breach, how such private rights may be affected by the Van Buren and TransUnion decisions, and what data security standards are set forth by each of the controlling regulatory regimes, as well as other industry standards which may inform the applicable standard of care regarding non-personal information. Finally, the article presents a position on how a California bank can reconcile the applicable security standards, and provides a suggestion for a data security benchmark for retail banks operating in California by positing that a ‘reasonable’ data security program is not only one based on assessment of risk and industry best practices, but is also reconcilable with the seemingly competing regulatory regimes applicable to banks operating in California.","PeriodicalId":127582,"journal":{"name":"Global Privacy Law Review","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-10-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Global Privacy Law Review","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.54648/gplr2021023","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Reconciling Competing Data Security Standards Applicable to Data Held by Retail Banks Operating in California in Light of Van Buren and TransUnion
When operating in California, retail banks face competing, seemingly inconsistent, federal, state, and industry data security standards. The article describes what regulations prescribe data security standards for banks operating in California. It analyses private rights of action available in the event of a data breach, how such private rights may be affected by the Van Buren and TransUnion decisions, and what data security standards are set forth by each of the controlling regulatory regimes, as well as other industry standards which may inform the applicable standard of care regarding non-personal information. Finally, the article presents a position on how a California bank can reconcile the applicable security standards, and provides a suggestion for a data security benchmark for retail banks operating in California by positing that a ‘reasonable’ data security program is not only one based on assessment of risk and industry best practices, but is also reconcilable with the seemingly competing regulatory regimes applicable to banks operating in California.