Caveat: I did not write the following dialogue. It is from the “comments” section of one of my columns where I mentioned I’d be writing about HIPAA and GLBA. Unfortunately, I cannot attribute the comments to the persons who wrote them, as they are anonymous; however they are quite apropos of today’s subject:
1) “I wish vendors would get it into their heads that indemnity for being sued on a confidentiality basis doesn’t cut it for financial institutions and other customers/clients that have affirmative obligations without being sued in the event of a breach of confidentiality.”
2) “I wish financial institution customers would get it into their heads that the ‘customer information’ they’re obligated to protect is not the sort of thing they would ever disclose to the vast majority of their vendors, and stop using their ‘affirmative obligations’ as a tool to cram unnecessarily restrictive confidentiality terms down the throats of vendors.”
Perfect. Those two comments capture the schism between vendors and customers when dealing with private financial or personal confidential information….