ABSs choice of a solution to the data protection and encryption problem is most likely directly related to the penalties that can be enforced against them for non-compliance of the laws. The Federal Trade Commission, state insurance authorities and other federal regulatory agencies have the power to enforce the Gramm-Leach-Bliley (GLB) Act which requires all financial, investment and insurance agencies to inform their customers of their information sharing procedures. The GLB Act also requires these agencies to safeguard their customer’s sensitive data and information. ABSs solution to safeguard their customer’s data and information is directly related to compliance of the GLB Act.
ABS would have done a Cost-Benefit Analysis (CBA) to determine the risk of potential loss if they had not implemented better security practices. The CBA would have shown them that the potential cost of fines, revenue loss form their customers, and credibility far outweighed the cost associated with taking the enhanced security steps they took. As with any risk, a company has to determine if they can afford the cost to mitigate it or accept the risk and suffer the consequences if something should go wrong.
ABSs customers will in the end pick up some of the cost of the solution, if not all of the cost of the solution. The cost most likely will be spread out to all of the credit unions in the form of increased fees for