Emergent Chaos

The American Banker has a long story about how some regulations from GLB are now five years behind schedule:

Ironically, both bankers and consumer advocates panned the agencies when they proposed guidelines on identity theft prevention in August 2003.

The 25-page guidelines were based on Section 501 of the Gramm-Leach-Bliley Act of 1999, which required financial companies to have safeguards in place to protect nonpublic personal data.

...
Now, nearly 18 months later, the Federal Reserve Board, Federal Deposit Insurance Corp., Office of the Comptroller of the Currency, and Office of Thrift Supervision are on the verge of issuing a final version of the guidelines.

...
Regulators are also working to implement the Fair and Accurate Credit Transactions Act, a December 2003 update of the Fair Credit Reporting Act.

The agencies have polished off rules granting free credit reports and making it easier for consumers to opt out of prescreened credit offers. But the FACT Act required seven rules relating to identity theft, and only three have been completed. [None of the FACT rules would require disclosure.]

...
Legislative reform that attempts to rein in information brokers like ChoicePoint could have a spillover effect on financial services companies. For example, some lawmakers want the FTC to restrict the types of companies that may access and sell data such as Social Security numbers. Many financial institutions are also customers of these information brokers, using their reports to check the accuracy of credit applications or to verify a customer's identity.