On April 9, the Federal Reserve Bank of Kansas City published a research briefing examining how video game platforms are reshaping the digital payments landscape. As in-game purchases and platform-based transactions grow in volume and complexity, these developments are raising new regulatory concerns for both federal and state banking regulators.Continue Reading Kansas City Federal Reserve Bank Explores Regulatory Risks in Gaming Ecosystems
On December 3, the CFPB announced a proposed rule to enhance oversight of data brokers that handle consumers’ sensitive personal and financial information. The proposed rule would amend Regulation V, which implements the Fair Credit Reporting Act (FCRA), to require data brokers to comply with credit bureau-style regulations under FCRA if they sell income data or certain other financial information on consumers, regardless of its end use.Continue Reading CFPB Takes Aim at Data Brokers in Proposed Rule Amending FCRA
On November 12, the CFPB released a report analyzing federal and state-level privacy protections for consumer financial data.Continue Reading CFPB Report Highlights Financial Data Protection Challenges
On October 22, the CFPB announced the finalization of its Personal Financial Data Rights Rule under Section 1033 of the Dodd-Frank Act. The rule aims to bring the U.S. closer to an “open banking” framework by making it easier for consumers to switch between financial institutions.Continue Reading CFPB Finalizes Personal Financial Data Rights Rule
On August 28, the CFPB issued a Consumer Advisory warning that it believes video game companies are targeting children for monetary gain. With 45.7 million U.S. children engaged in video gameplay, the agency is concerned about the financial risks that games and virtual worlds pose, especially to young consumers. This Advisory highlights a growing focus on the game industry’s practices, which allegedly mimic traditional banking systems but lack corresponding consumer protections. Continue Reading The CFPB Continues to Reshape Consumer Protection in the Digital Arena
On June 28, Pennsylvania took a significant step to enhance its data protection framework by updating the Breach of Personal Information Notification Act through the enactment of SB 824. This new legislation revises the older 2005 law and places a stronger emphasis on the security of digital data. It also introduces more stringent guidelines for notifying consumers and relevant authorities following a data breach.Continue Reading Pennsylvania Amends Data Protection Requirements with Revised Breach Notification Act
On April 2, at an event at the White House on Data Protection and National Security, CFPB Director Rohit Chopra’s articulated potential changes to the data security regulation landscape and noted that the Bureau is considering rules to amend the Fair Credit Report Acting, tightening the regulation of data brokers that trade in sensitive consumer data. His remarks follow an Executive Order signed by President Biden five weeks ago aimed at protecting American’s sensitive personal data from “countries of concern.” Continue Reading CFPB Announces Potential FCRA Expansion Targeting Brokers of Consumer Data
On April 4, the CFPB published a new Issue Spotlight, titled “Banking in Video Games and Virtual Worlds” that analyzes the increased commercial activity within online video games and virtual worlds and the apparent risks to consumers—in this case, to online gamers. In particular, this report examines how “game assets” are being used and the associated risks, including the emergence of products or services that resemble traditional consumer financial products or services. Continue Reading Report Signals CFPB Taking Aim at Video Game and Virtual Worlds Industries
On March 6, New Hampshire Governor Chris Sununu signed into law SB 255, a sweeping consumer privacy bill. The Act gives consumers broad rights regarding their privacy and control over their personal data. Continue Reading New Hampshire Enacts Comprehensive Consumer Privacy Law
On January 18, the FTC issued a consent order prohibiting a digital platform and data aggregator from selling or licensing precise consumer location data on the grounds that it did not obtain consumer consent before collecting and selling the data to advertisers.Continue Reading FTC Cracks Down on Data Aggregator, Bans Sale of Precise Consumer Location Data
On October 27, the FTC has approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches and other security events to the agency. The amendment requires financial institutions to notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers. Such an event requires notification if unencrypted customer information has been acquired without the authorization of the individual to which the information pertains. The notice to the FTC will need to include certain information about the event, including:Continue Reading FTC Amends Safeguards Rule, Requires Non-Banks to Report Data Security Breaches