Carlton Fields cybersecurity and privacy attorney Michael Yaeger was quoted in a CoinDesk article, “How FinCEN Became a Honeypot for Sensitive Personal Data,” regarding the retention issues related to the suspicious activity reports (SARs) filed by big banks to the U.S. Financial Crimes Enforcement Network (FinCEN).
FinCEN manages a database of SARs with detailed documentation of suspected instances of money laundering or fraud. These SARs can contain in-depth information about individuals. However, when hacks of the database occur, such as the recent, large leak of more than 2,000 reports, questions arise about how the government is handling the data and why the data is held on to for so long.
“I don’t think data retention is seriously thought about at the government level,” said Yaeger. “They specify how long they retain it at the bank level, but the government doesn’t. It’s not in the habit of destroying data.”
Yaeger also advised that the data could be a “honeypot,” or harmful in the wrong hands.
“It’s a window into the financial system, and specifically things that are flagged as potentially illegal activity,” said Yaeger. “So whatever use it has, whether it’s individual criminals seeing ‘oh yeah they’re onto me’ or it’s blackmail material you could use against people, the limits are really just determined by your imagination.”
Read the article.