Main Page

The United States lacks a single privacy law that covers all types of entities.¹

The Gramm-Leach-Bliley Act (GLB) represents the main national privacy law that ensures the proper regulation of the operations of fintech companies.¹

GLB refers to making disclosed any non-public personal information (NPI) by a financial company.¹

NPI includes any personally identifiable financial information that either:

1. is provided by a consumer to a financial institution
2. results from a transaction or service with the financial institution
3. is otherwise obtained by the financial institution ¹

The definition of the term “financial institution” is any venture involved in financial operations, including fund lending, loan servicing or money transfer.¹

The GLB Act is supported by two different rules:

• the Privacy Rule, which demands financial companies supply privacy notices to their clients and give them a chance to avoid having their NPI disclosed
• the Safeguards Rule, which demands financial companies to have their clients' NPI secure and confidential by means of a well-designed information security program ¹

Some other vital national and state legislation for fintech companies to take into consideration and maintain include the following ones:

• The FCRA is a federal law that ensures the proper regulation of customer reporting data.
• The Red Flags Rule is a federal law that demands financial companies and creditor institutions to generate, put into effect, and upgrade a written identity theft prevention program to identify and address red flags that mean acts of identity fraud.
• The Affiliate Marketing Rule is a federal law that places certain restrictions on data exchange among unified organizations to attain certain business goals.
• In the case of the fintech company's interaction with children, the following legislation is applicable: the Children's Online Privacy Protection Act, some provisions of the California Consumer Privacy Act (CCPA) that refer to opt-in regulations on data selling for children aged 13–16 (including parental opt-in consent for children aged 13 and younger), and some more California and other state privacy laws that relate to children under the age of 18.
• The Health Insurance Portability and Accountability Act is a federal law used in the case when a fintech company focuses on healthcare information. ¹

On top of all that, there are many other national and state privacy and data protection rules and regulations that may be useful for fintech organizations to handle possible security issues.¹

For instance, a fintech organization that employs biometric recognition instruments for identity confirmation by means of mobile computing devices should observe relevant state legislation.¹

States like Texas, Washington, California, New York, and Arkansas have already adopted their own biometric-related requirements or modified current legislation to incorporate biometric identification devices.¹

Cross-border payments in the USA

Fintech in the USA

Fintech in other countries

Notes

1. https://thelawreviews.co.uk/title/the-financial-technology-law-review/usa