Account aggregation software that pulls in disparate financial information to a single dashboard is increasingly popular both for consumers and for financial advisors themselves, but the technology does not conform well to existing regulations for banks and broker-dealers, raising concerns about how to standardized both security and also privacy, which even prompted FINRA last month to issue a warning to both the industry and investors about the dangers of sharing account data with third parties (an issue that has only become even more top-of-mind in recent weeks with recent privacy lapses at Facebook). In this context, SIFMA (the primary lobbying organization for the brokerage industry) issued what they are calling a series of four “Data Aggregation Principles” that brokerage firms should follow to ensure client data privacy and security. A key tenet of the guidance is that SIFMA suggests firms should make it easier for customers to have accounts linked directly, without requiring them to share their actual account IDs and passwords with third parties just to gain access to their data (to obviate the need for “screen-scraping” technology), and that financial institutions should provide a “clear and conspicuous explanation” of how a third party can access or use data (for which customers should affirmatively consent before aggregation begins, and be able to withdraw consent easily at any time). SIFMA also suggested that while data on holdings, balances, and transactional information should be OK to share, firms should not share other nonpublic or confidential personal information (i.e., that actities like trading, money movement, and other services beyond data aggregation alone should have separate agreements).