Information that is gathered by entities outside of the financial services industry is not held to the same standards as it relates to safeguarding information. Once information is shared with permissioned third-parties, consumers may no longer have control of their personal and financial information.
The potential for abuse is real and can be extremely harmful to consumers. This leaves consumers vulnerable to entities that may mislead them about what they do with the information they collect. This places an extraordinary burden on consumers to be vigilant in their research and knowledge of firms to which they may provide their online account credentials.
For this reason, ICBA has profound concerns that non-bank entities which may be authorized by consumers to access their information and store their bank login credentials may not take the same care in protecting consumer privacy and data as community banks.
At a minimum, consumers must have the same GLBA-like privacy protections with permissioned third parties as they have with banks, including limitations on the use of consumer information and limitations on the disclosure of the consumer’s information to third parties.