Privacy/Data Security

CFPB Finalizes Changes to Regulation P

On August 10, 2018 the Consumer Financial Protection Bureau (CFPB) issued a final rule adopting changes to Regulation P to bring the regulation into conformity with its authorizing statute, the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801 et seq. (GLBA).  The rule, which was enacted to reduce regulatory burden on financial…

Read More

Massachusetts Case Against Equifax Survives Motion to Dismiss

On April 2, 2018, the Superior Court of Suffolk County, Massachusetts denied Equifax, Inc.’s motion to dismiss the Commonwealth’s case against it related to the company’s widely publicized 2017 data breach.  Although the ruling does not determine who will ultimately prevail in the action, it outlines several key considerations for…

Read More

CFPB Issues Consumer Protection Principles for Sharing Financial Account Information with Third Parties

On October 18, 2017, the Consumer Financial Protection Bureau (CFPB) published guidelines for financial institutions to use when authorizing third-party access to consumers’ financial information.  These guidelines are targeted at protecting consumers who give their consent to allow other companies to access their account information.  Companies—including fintech firms, banks, and…

Read More

FINRA Cracks Down on Financial Firms for Cybersecurity Deficiencies

On December 21, 2016, the Financial Industry Regulatory Authority (FINRA) announced that it was fining 12 firms a total of $14.4 million for failing to comply with FINRA cybersecurity regulations, having identified “significant deficiencies relating to the preservation of broker-dealer and customer records in a format that prevents alteration.” FINRA…

Read More

CFPB Signals Interest in Regulating the Use of Consumer Financial Data

The Consumer Financial Protection Bureau’s (CFPB) recently-released Request for Information Regarding Consumer Access to Financial Records (RFI) suggests that the agency is considering making a new rule to set requirements and protections for the use of consumers’ financial information.  In publishing the RFI, the CFPB notes that the Dodd-Frank Act “provides…

Read More

CFPB Steps Up Scrutiny of FinTech Companies

On March 7, 2016, the Consumer Financial Protection Bureau (CFPB) announced that it will begin collecting complaints from consumers about online marketplace lenders, signaling its intention to increasingly regulate the evolving and growing Financial Technology (FinTech) industry.  The CFPB announcement emphasized that marketplace lending is “a relatively new kind of online…

Read More

House Financial Services Committee Reports New Cybersecurity Bill to Congress

On December 9, 2015, the House Financial Services Committee reported a Bill to Congress that would impact the cybersecurity compliance of financial services companies.  The Bill, H.R. 2205, would set standards for development and implementation of cybersecurity protocols; require investigation and notification of breaches; and allow administrative enforcement. One of…

Read More

Should Companies Trust New Cyber Security Bill En Route to Passage in Senate?

On March 12, 2015, the Senate Intelligence Committee took an important step in advancing a comprehensive bill titled the Cybersecurity Information Sharing Act of 2015 (“CISA”) aimed at bolstering U.S. companies and the federal government’s cyber security protections.  But some privacy watchdogs and other government officials are openly wondering whether…

Read More

U.S. Woos Businesses With New Cyber Security Intelligence Division

As the cyber security threat to the U.S. economy and national security has grown, U.S. states and businesses have taken increasing steps to prevent potential hacks from invading user privacy and U.S. intelligence activities.  Most recently, New York’s attorney general, proposed new rules to help safeguard consumer privacy and provide businesses with incentives…

Read More

Financial Services Firms' Projected Cybersecurity Spending Increase Is Money Well Spent

One of the most persistent and insidious threats to companies is cyber attacks.  Whether these attacks involve theft of intellectual property, installation of malware, or denial of service, they pose a significant risk to businesses and their customers.  For many companies, especially financial services companies, the risk is heightened by…

Read More

Is Knowing Enough? The FTC's Concerns Regarding Mobile Banking Practices May Force You to Do ...

On September 10, 2014, the Federal Trade Commission (FTC) posted a comment in response to the Consumer Financial Protection Bureau’s (CFPB) request for information regarding the use of mobile banking services and products specifically utilized by economically vulnerable or underserved consumers.  After briefly articulating some of the benefits of mobile…

Read More

Retailers Beware: Shopping Apps Can Cost You, Too

Online shopping is widespread, and by now, most retailers have tailored their websites to ensure consumers are fully aware of their privacy, security, and dispute resolution rights and liabilities in buying products online.  However, as retailers and other companies increasingly launch mobile applications to allow their customers to purchase items…

Read More

Committee of Banking Regulators Begins Cyber-Security Assessments of 500 Financial Institutions

On June 24, 2014, in response to the “increasing volume and sophistication of cyber threats,” the Federal Financial Institutions Examination Council (“FFIEC”) began a month-long cyber-security assessment of 500 community financial institutions and credit unions.  Announcing what it dubbed a “pilot program,” the FFIEC—a formal, interagency body made up of…

Read More

Mobile Banking in the 21st Century: More Freedom for Consumers, More Red Tape for Financial ...

On June 11, as a result of the growing use of mobile banking services across the country, the CFPB announced that it was conducting a request for information into the benefits and consequences of expanding mobile financial services.  Its focus is underserved and remote communities, but any actions the CFPB…

Read More