> In a cease-and-desist order against Voya Financial Advisors, the investment advisory unit of Voya Financial, the commission used the “Identity Theft Red Flags Rule” to censure the firm for allowing hackers to access social security numbers, account balances and even details of client investment accounts.
I'd like them to conciliate this rule with companies whose only business purposes are to sell that data, like TLO from the other HN frontpage article.
Even ignoring the fact that their data
finds way into automating identity theft financial fraud, it should have been impossible to conciliate a business which purpose is to sell your data (with no consent or even ever interacting with you) with any identy and data protection law.
if anything, those two things happening show that financial laws are also arbitrarily enforced. being a small bank, or from east asia, you will feel the wrath of the law (e.g. voya, hsbc money laudering, etc). but if you are a huge american financial institutions you can get away with even more (e.g. bank of america many many recent woes in data loss and consumer abuse).
Voya is the administrator of one on my financial accounts. I'm wondering if I should take my money out of this account and move it to another financial administrator. My first thought is "how would I find out whether my other financial administrator is any better at security than Voya?"
I’d like to see them use this more often.