Graham-Leach-Bliley is the common privacy law that regulates financial
institutions. In regard to ownership of credit card numbers used at a
merchant, it is common knowledge in the industry that the merchant has
the ownership of that data. That means that a chain store could
extrapolate from credit card numbers used at their establishment who
to customer was etc, purchasing habits etc. Even though the card data
resides at the credit card processor, Nevertheless, the data belongs
to the merchant and the processor is even obligated to provide it to
the merchant. My question is if this is correct and if yes what is the
source or ruling for this rule. What other info could you provide on
this issue? I would also like information as to a ruling that
prohibits merchants to extrapolate data from card numbers (known as
card appending) [although they own the data]. |
Request for Question Clarification by
larre-ga
on
05 Nov 2002 20:58 PST
To make sure I'm on the right track, please confirm that you are
seeking:
* The exact provisions within Graham-Leach-Bliley that apply to data
ownership, and how those provisions are typically applied in a
contract between a merchant and processor
* Specific laws, regulations, or official guidance regulating data
mining via card appending
I've located a fair amount of slightly more generalized information
and research focused on the interrelationship of data mining, privacy
and ethics, in the form of white papers, journal articles, and thesis.
Would these references be of interest in addition to the above? The
better we understand your requirements, the more likely we can fulfill
them satisfactorily.
=l=
|
Clarification of Question by
ams143-ga
on
08 Nov 2002 07:33 PST
* The exact provisions within Graham-Leach-Bliley that apply to data
ownership, and how those provisions are typically applied in a
contract between a merchant and processor
YES. Also, was there any lobbying to either side before the passing of
the bill? What prompted a ruling on ownership of data? Whom and which
companies did it affect? Did any companies need to cease from previous
business practices as a result of this ruling?
* Specific laws, regulations, or official guidance regulating data
mining via card appending
YES. Also the timelines and chronological sequence of past and current
laws, what prompted those laws, the companies that lobbied for either
side of the law, the companies that were affected, the areas of
business that were affected and their response.
I look forward for your response. Thank You.
|
Clarification of Question by
ams143-ga
on
08 Nov 2002 07:40 PST
I've located a fair amount of slightly more generalized information
and research focused on the interrelationship of data mining, privacy
and ethics, in the form of white papers, journal articles, and thesis.
Would these references be of interest in addition to the above?
YES.
|
Clarification of Question by
ams143-ga
on
08 Nov 2002 10:02 PST
Also, is the processor is obligated to provide the card data to the
merchant upon the merchant's request?
|
Request for Question Clarification by
larre-ga
on
08 Nov 2002 18:50 PST
Thank you for responding. The additional information makes your
requirements clearly understandable. You will recieve notification via
e-mail as soon as your Answer is posted.
=l=
|
Clarification of Question by
ams143-ga
on
28 Nov 2002 15:49 PST
I'm just checking to see if you are still working on this answer. Thanks.
|
Request for Question Clarification by
larre-ga
on
29 Nov 2002 18:43 PST
Yes, I have been working on the question, in between several absences
during the past couple of weeks. Google Answers is a marvelous
part-time occupation, but one must earn a living, and this won't quite
do it yet. I have located a number of "almost related" resources, but
they do not answer the question or provide specific guidance, and have
also these provisions are specific to each merchant/merchant account
agreement. There is no hard and fast standard, and the terms of the
contract are considered to be proprietary information (non-public) by
those who offer the merchant accounts. I don't have enough solid
information that can be verified by public sources to feel it worth
your Answer price. Without that verification, all you have is my word
and assessment of various non-public contracts. I'm not an expert in
this field, rather an expert researcher. I wouldn't feel comfortable
stating my informal findings and assessments as facts.
I do realize that the deadline for question expiration is fast
approaching. I will continue with research this evening, and see if I
can't nail down a publicly published source of contract(s) which
addresses the datamining issue directly, or at least some samples of
such. If so, I will post an Answer. I'd rather not disappoint you at
all, but given the choice of a waste of your money from an inadequate
answer, or no answer at all and a 50 cent listing fee, I'll chose to
treat you as I would wish to be treated, were our positions reversed.
=l=
|
