On August 15, CFPB Director Rohit Chopra announced plans for new CFPB rules that would strictly limit the types of consumer data that can be sold by businesses and ensure that data brokers comply with the Fair Credit Reporting Act (“FCRA”). The announcement came during a White House roundtable event focused on protecting individuals’ data privacy and as part of a broader federal crackdown on third-party data brokers. Director Chopra highlighted two proposals in particular that the CFPB is considering.
Continue Reading CFPB Forecasts New Rule Cracking Down on Consumer Data Sales

Financial services companies beware: the exemptions in the new state privacy laws are not uniform. To recap, there are privacy laws in 12 states: California, Colorado, Connecticut, Florida, Indiana, Iowa, Montana, Oregon, Tennessee, Texas, Utah, and Virginia. (Delaware’s law is pending the governor’s signature.)
Continue Reading State Privacy Law Roundup: What Financial Services Entities Need to Know

On June 20, the CFPB published a blog discussing its response to public concerns about workers’ privacy and the risks associated with automated workplace surveillance technology. According to the CFPB, automated workplace surveillance technology is used by many employers.
Continue Reading CFPB Warns of Privacy Risks Arising from Automated Workplace Surveillance Technology

The FTC’s Safeguards Rule compliance deadline is right around the corner – June 9. The Safeguards Rule requires non-banking financial institutions to develop, implement, and maintain a comprehensive security program to keep their customers’ information safe (we discussed the Safeguards Rule in a previous blog post here).
Continue Reading Reminder: The FTC “Safeguards Rule” Compliance Date is June 9

On April 4, CFPB Director Rohit Chopra delivered remarks at the International Association of Privacy Professionals’ Global Policy Summit on the importance of reining in repeat violators of consumer finance and privacy laws. According to the Director, the CFPB is to enhance penalties against repeat offenders of consumer protection laws. Such penalties could involve a broader range of agency remedies, including naming executives in enforcement actions and placing meaningful limitations on future business practices, in addition to simple fines.
Continue Reading CFPB Director Elevates Priorities for Data Privacy & Repeat Offenders

On January 12, the CFPB released a report that identified an uptick in identity theft reported by servicemembers. The report found that military consumers (defined as active duty servicemembers, veterans, and military family members) reported almost 50,000 cases of identity theft to the FTC in 2021. Additionally, military consumer complaints to the CFPB for debts resulting from identity theft increased from about 200 in 2014 to more than 1,000 in 2022.
Continue Reading CFPB Report: ID Theft Among Servicemembers Increasing

Recently, the CFPB released an outline of proposed measures related to the Bureau’s Dodd-Frank Section 1033 rulemaking efforts that would give consumers rights over their personal financial data. The outline discusses proposed regulations that would require covered data providers to make consumer financial data available directly to a consumer and to any third parties authorized by the consumer. Under these proposed regulations, consumers would be able to easily switch financial providers and transfer their account history to a new provider. In a high-level summary of the proposed regulations, the CFPB discusses the regulatory provisions it is considering proposing, including the following:
Continue Reading CFPB Issues Proposed Rulemaking on Data Access and Portability

The FTC recently published an advance notice of proposed rulemaking to discuss harms associated with the collection, processing, and selling of personal data. The FTC is inviting public comments on whether it should implement new rules on how companies:
Continue Reading FTC Signals Focus on Increasing Protections Around Personal Data

On July 29, the New York Department of Financial Services (NYDFS) released Draft Amendments to its Part 500 Cybersecurity Rules that would impose new obligations on financial institutions relating to reporting, governance, testing, access management, risk assessment, and business continuity plans, among others.
Continue Reading New York Proposes Cybersecurity Rules for Financial Institutions

On August 11, the CFPB published a circular clarifying liability under consumer financial protection law for bank and nonbank financial companies that fail to safeguard consumer data. The circular describes how firms may be violating the CFPA’s prohibition on unfair acts or practices with respect to the handling of consumer data by not implementing adequate measures to protect against data security incidents. These data security incidents may lead to significant harm to a few consumers—who, for example, become victims of targeted identity theft after a breach—or may lead to harm of many consumers in the event of large-scale, customer-base-wide breaches. The circular includes specific examples for reference.
Continue Reading CFPB Circular: Safeguard Consumer Data or Face Liability