en

Fintech Market Overview

This article does not constitute legal advice.

Data protection in the USA

Main Page

The United States lacks a single privacy law that covers all types of entities.1

The Gramm-Leach-Bliley Act (GLB) represents the main national privacy law that ensures the proper regulation of the operations of fintech companies.1

GLB refers to making disclosed any non-public personal information (NPI) by a financial company.1

NPI includes any personally identifiable financial information that either:

  1. is provided by a consumer to a financial institution
  2. results from a transaction or service with the financial institution
  3. is otherwise obtained by the financial institution 1

The definition of the term “financial institution” is any venture involved in financial operations, including fund lending, loan servicing or money transfer.1

The GLB Act is supported by two different rules:

  • the Privacy Rule, which demands financial companies supply privacy notices to their clients and give them a chance to avoid having their NPI disclosed
  • the Safeguards Rule, which demands financial companies to have their clients' NPI secure and confidential by means of a well-designed information security program 1

Some other vital national and state legislation for fintech companies to take into consideration and maintain include the following ones:

  • The FCRA is a federal law that ensures the proper regulation of customer reporting data.
  • The Red Flags Rule is a federal law that demands financial companies and creditor institutions to generate, put into effect, and upgrade a written identity theft prevention program to identify and address red flags that mean acts of identity fraud.
  • The Affiliate Marketing Rule is a federal law that places certain restrictions on data exchange among unified organizations to attain certain business goals.
  • In the case of the fintech company's interaction with children, the following legislation is applicable: the Children's Online Privacy Protection Act, some provisions of the California Consumer Privacy Act (CCPA) that refer to opt-in regulations on data selling for children aged 13–16 (including parental opt-in consent for children aged 13 and younger), and some more California and other state privacy laws that relate to children under the age of 18.
  • The Health Insurance Portability and Accountability Act is a federal law used in the case when a fintech company focuses on healthcare information. 1

On top of all that, there are many other national and state privacy and data protection rules and regulations that may be useful for fintech organizations to handle possible security issues.1

For instance, a fintech organization that employs biometric recognition instruments for identity confirmation by means of mobile computing devices should observe relevant state legislation.1

States like Texas, Washington, California, New York, and Arkansas have already adopted their own biometric-related requirements or modified current legislation to incorporate biometric identification devices.1

Cross-border payments in the USA

Fintech in the USA

Fintech in other countries

Let's introduce you

US Fintech Lawyers

Silvia Calls

Silvia Calls

We work for international SMEs, startups and Telco's

Roman Buzko

Roman Buzko

Registration, regulatory advice, investment transactions and dispute resolution.

Viacheslav Losev

Viacheslav Losev

Legal support for FinTech and Blockchain projects

Fintech investors from the USA

2048 Ventures

2048 Ventures

We are a team of experienced operators and dreamers who are passionate about working with founders at the earliest stage

First Check Ventures

First Check Ventures

Our syndicate is focused on investing in early stage startups across the globe

Notes
  1. https://thelawreviews.co.uk/title/the-financial-technology-law-review/usa
Offer for Fintech Startups

Fast Start for $399

Our No-Code solution allows you to launch your crowdfunding platform for $399 per month, with the first two weeks free to try the platform.