Privacy and Cybersecurity

On June 28, Pennsylvania took a significant step to enhance its data protection framework by updating the Breach of Personal Information Notification Act through the enactment of SB 824. This new legislation revises the older 2005 law and places a stronger emphasis on the security of digital data. It also introduces more stringent guidelines for notifying consumers and relevant authorities following a data breach. Continue Reading Pennsylvania Amends Data Protection Requirements with Revised Breach Notification Act

On April 2, at an event at the White House on Data Protection and National Security, CFPB Director Rohit Chopra articulated potential changes to the data security regulation landscape and noted that the Bureau is considering rules to amend the Fair Credit Reporting Act, tightening the regulation of data brokers that trade in sensitive consumer data. His remarks follow an Executive Order signed by President Biden five weeks ago aimed at protecting Americans’ sensitive personal data from “countries of concern.” Continue Reading CFPB Announces Potential FCRA Expansion Targeting Brokers of Consumer Data

On April 4, the CFPB published a new Issue Spotlight, titled “Banking in Video Games and Virtual Worlds,” that analyzes the increased commercial activity within online video games and virtual worlds and the apparent risks to consumers—in this case, to online gamers. In particular, this report examines how “game assets” are being used and the associated risks, including the emergence of products or services that resemble traditional consumer financial products or services. Continue Reading Report Signals CFPB Taking Aim at Video Game and Virtual Worlds Industries

On January 18, the FTC issued a consent order prohibiting a digital platform and data aggregator from selling or licensing precise consumer location data on the grounds that it did not obtain consumer consent before collecting and selling the data to advertisers. Continue Reading FTC Cracks Down on Data Aggregator, Bans Sale of Precise Consumer Location Data

On October 27, the FTC approved an amendment to the Safeguards Rule that would require non-banking institutions to report certain data breaches and other security events to the agency. The amendment requires financial institutions to notify the FTC as soon as possible, and no later than 30 days after discovery, of a security breach involving the information of at least 500 consumers. Such an event requires notification if unencrypted customer information has been acquired without the authorization of the individual to whom the information pertains. The notice to the FTC will need to include certain information about the event, including: Continue Reading FTC Amends Safeguards Rule, Requires Non-Banks to Report Data Security Breaches

On August 15, CFPB Director Rohit Chopra announced plans for new CFPB rules that would strictly limit the types of consumer data that can be sold by businesses and ensure that data brokers comply with the Fair Credit Reporting Act (“FCRA”). The announcement came during a White House roundtable event focused on protecting individuals’ data privacy and as part of a broader federal crackdown on third-party data brokers. Director Chopra highlighted two proposals in particular that the CFPB is considering. Continue Reading CFPB Forecasts New Rule Cracking Down on Consumer Data Sales

Financial services companies beware: the exemptions in the new state privacy laws are not uniform. To recap, there are privacy laws in 12 states: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. (Delaware’s law is pending the governor’s signature.) Continue Reading State Privacy Law Roundup: What Financial Services Entities Need to Know

On June 20, the CFPB published a blog discussing its response to public concerns about workers’ privacy and the risks associated with automated workplace surveillance technology. Automated workplace surveillance technologies are used by many employers, according to the CFPB. Continue Reading CFPB Warns of Privacy Risks Arising from Automated Workplace Surveillance Technology

The FTC’s Safeguards Rule compliance deadline is right around the corner – June 9. The Safeguards Rule requires non-banking financial institutions to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe (we discussed the Safeguards Rule in a previous blog post here). Continue Reading Reminder: The FTC “Safeguards Rule” Compliance Date is June 9

On April 4, CFPB Director Rohit Chopra delivered remarks at the International Association of Privacy Professionals’ Global Policy Summit on the importance of reining in repeat violators of consumer finance and privacy laws. According to the Director, the CFPB is to enhance penalties against repeat offenders of consumer protection laws. Such penalties could involve a broader range of agency remedies, including naming executives in enforcement actions and placing meaningful limitations on future business practices, in addition to simple fines. Continue Reading CFPB Director Elevates Priorities for Data Privacy & Repeat Offenders