When Banks Are Sloppy with Information Security
March 14, 2017 6:28 AM   Subscribe

A friend's bank prints customers' full social security numbers on pretty much everything, including mailed paper statements. She has tried multiple times to contact the bank and get them to stop doing this and they refuse. Are there any rules or laws about this or trade groups she could report the bank to?

Because she has a 5 year CD with the bank she can't just close the account without incurring a pretty hefty penalty. She asked if she could just receive digital statements over email and was told no. Now she's super paranoid about mail theft and her SS getting stolen.

It seems like it should at the very least be a violation of some kind of FDIC or insurance liability requirement to be so needlessly sloppy with sensitive info like that. I'm hoping there's some kind of trade group or local state-level regulatory group that she can contact to get this bank to change their tune, or at least to get a paper trail started showing the bank has been warned about being reckless about handling people's personal info.
posted by forkisbetter to Law & Government (5 answers total) 2 users marked this as a favorite
I suggest she file a complaint with the Consumer Financial Protection Bureau. Not sure which reg(s) this violates, but it is definitely not okay.
posted by bologna on wry at 6:59 AM on March 14, 2017 [3 favorites]

Best answer: First figure out who regulates the bank here: https://www.ffiec.gov/consumercenter/default.aspx. Often it is either the FDIC (complaint page) or the Office of the Comptroller of the Currency which is part of the Dept of the Treasury. If the bank isn't on that list, it may be state regulated, so check this page on helpwithmybank.gov.
posted by soelo at 7:53 AM on March 14, 2017

Ask the bank to generate an EIN and have that replace the SSN for the acct. Or create a new acct. with the bank and transfer the CD to that acct. They'll try to charge you fees, but up front get them to absorb those fees, since you're saving them from their own ignorance.
posted by at at 8:31 AM on March 14, 2017

There is not a national law that covers protecting SSNs so part of it will depend on her state's laws.

These days it seems like one of the more effective way to get action from companies is public shaming on Twitter (with effective use of hashtags and mentions).
posted by Candleman at 11:11 AM on March 14, 2017 [1 favorite]

« Older How can I remember names better?   |   How to follow up on a purchase and not be a jerk? Newer »
This thread is closed to new comments.