Inside Privacy Updates on Developments in Global Privacy & Data Security from Covington & Burling LLP

Category Archives: Financial Privacy


CFPB Proposes Revised Financial Privacy Rule

Posted in Financial Privacy

On May 6, 2014, the Consumer Financial Protection Bureau (“CFPB”) proposed a rule to modify the notice provisions of Regulation P, which implements the financial privacy provisions of the Gramm-Leach-Bliley Act (“GLBA”). Regulation P requires financial institutions to deliver an annual privacy notice to customers, which is often accomplished through a direct mailing to the… Continue Reading

Ten Things You Should Know About the SEC’s New Cybersecurity Examinations

Posted in Cybersecurity, Data Breaches, Data Security, Financial Institutions, Financial Privacy

Last week, the Securities and Exchange Commission announced that it will conduct more than 50 cybersecurity examinations to identify risks and ensure that broker-dealers and investment advisers are adequately protecting customer information.  Below are some key takeaways from the Risk Alert that the SEC’s Office of Compliance Inspections and Examinations released with its announcement:

Is Korea Moving Towards EU-Style Legislation for Financial Institutions?

Posted in Financial Institutions, Financial Privacy, International, Korea

By Hee-Eun Kim and Monika Kuschewsky

In January 2014, a massive data leak of some 104 million credit card accounts shocked South Korea.  The number of affected accounts was twice the population of South Korea.  The incident arose when a temporary employee of a personal credit rating agency that manages personal financial… Continue Reading

Judge Reduces Punitive Damages Against Equifax in FCRA Suit

Posted in Financial Privacy, Litigation, United States

A federal judge on Wednesday reduced a jury’s punitive damages award against Equifax from more than $18 million to $1.62 million, after finding that the jury’s award was unconstitutionally excessive despite Equifax’s “reprehensible” conduct in violating the Fair Credit Reporting Act. Plaintiff Julie Miller sued Equifax under FCRA for failing to correct mistakes in the… Continue Reading

SEC Exams of Asset Managers to Include Focus on Cybersecurity

Posted in Cybersecurity, Data Security, Financial Institutions, Financial Privacy, United States

Routine SEC examinations of investment advisers and investment companies this year will include scrutiny of these entities’ cybersecurity policies, an SEC official told attendees Thursday at a national agency-hosted compliance seminar. The SEC’s Regulation S-P, which implements the federal Gramm-Leach-Bliley Act, requires brokers, dealers, investment companies, and registered investment advisers to “adopt policies and procedures… Continue Reading

Senators Call for Hearing on Data Security in Wake of Target Data Breach

Posted in Congress, Data Breaches, Data Security, Financial Privacy, Litigation

A number of investigations and inquiries, including a call for a hearing in Congress on December 30, 2013, have been sparked by the announcement by Target Corp. that a massive security breach of approximately 40 million of its customers’ credit and debit card accounts used at brick-and-mortar Target stores occurred between November 27 and extending through… Continue Reading

Senate Panel Examines Data Broker Industry; Releases Staff Report

Posted in Advertising & Marketing, Data Security, Financial Privacy, Online, United States

Yesterday, the U.S. Senate Committee on Commerce, Science, and Transportation held a hearing entitled, “What Information Do Data Brokers Have on Consumers, and How Do They Use It?”   Committee members expressed interest in bringing about greater transparency to what information is collected by data brokers and how it is used at the hearing, which consisted… Continue Reading

FTC to Hold Seminars on Mobile Device Tracking, Alternative Scoring, and Consumer Health Information

Posted in Federal Trade Commission, Financial Privacy, Health Privacy, United States

The Federal Trade Commission (“FTC”) announced today that it will hold a series of three seminars in the spring focused on retail tracking, alternative scoring, and consumer health information.  The seminars are designed to shed light on new trends in big data and their impact on consumer privacy, according to the FTC.  The seminars will… Continue Reading

European Parliament Calls for Suspension of the SWIFT Agreement following NSA Surveillance Claims

Posted in European Union, Financial Privacy, International

On October 23, 2013, the European Parliament adopted a resolution calling for the suspension of an EU-US Agreement on the transfer of financial data for the purposes of the Terrorist Finance Tracking Program (the so-called “SWIFT Agreement”).  The resolution comes after allegations that the US National Security Agency (NSA) has had unauthorized access to EU citizens’ bank… Continue Reading

GAO to Review CFPB Data Collection Initiative

Posted in Congress, Financial Privacy, United States

Last week, the Government Accountability Office (GAO) agreed to review the Consumer Financial Protection Bureau’s (CFPB) collection and analysis of consumer credit records in response to a request from Senator Mike Crapo (R-ID).  In a letter to the GAO Comptroller General, Sen. Crapo requested that the GAO investigate “CFPB’s data collection to determine its purpose, scope… Continue Reading

CFPB Rulemaking Agenda Includes Potential Changes to GLBA Annual Privacy Notice Requirement

Posted in Congress, Financial Institutions, Financial Privacy, United States

Earlier this month, the Consumer Financial Protection Bureau (CFPB) posted its semi-annual update of its rulemaking agenda for the coming 12-month regulatory cycle, including recently-completed rulemakings.  The rulemaking agenda is part of a broader initiative led by the Office of Management and Budget (OMB) to publish a Unified Agenda of federal regulatory and deregulatory actions across… Continue Reading

FTC Issues Revised Business Guide on Identity Theft Red Flags Rule

Posted in Red Flags

By: Kelly Carson

Last month, the Federal Trade Commission (FTC) issued an updated “How-To” guide to help businesses and organizations determine whether they are subject to the agency’s Red Flags rule (Rule).  Under the Rule, certain entities are required to establish written programs that are aimed at detecting and preventing identity theft. The FTC’s revised… Continue Reading

FTC Official Highlights FCRA Enforcement as a High Priority

Posted in Congress, Federal Trade Commission, Financial Privacy, United States

Earlier this month, Maneesha Mithal, Associate Director of the Federal Trade Commission’s Division of Privacy and Identity Protection, testified before the U.S. Senate Subcommittee on Consumer Protection, Product Safety, and Insurance regarding consumer report accuracy and the FTC’s efforts to improve accuracy through education and enforcement.  Her testimony emphasized the impact that consumer report errors may… Continue Reading

SEC and CFTC Issue Final Identity Theft Rule

Posted in Financial Institutions, Financial Privacy, Red Flags, United States

Last week, the Securities and Exchange Commission (SEC) and Commodity Futures Trading Commission (CFTC) published in the Federal Register a joint rule requiring entities regulated by the agencies to adopt programs to detect and prevent identity theft.  The rule is referred to as the “red flags rule” and applies to certain broker-dealers, mutual funds, investment advisers, futures… Continue Reading

Federal Reserve Releases Report of Mobile Banking and Mobile Payments Use

Posted in Data Security, Financial Institutions, Financial Privacy, United States

On March 27, 2013, the Federal Reserve released a report on consumers’ use of mobile banking and mobile payments.  The report follows a similar report issued by the Federal Reserve last year.  The report found that use of mobile banking has increased significantly in the past year while use of mobile payments has increased as well. … Continue Reading

House Passes Legislation Eliminating Annual GLBA Privacy Notice Requirement

Posted in Financial Institutions, Financial Privacy, United States

Earlier this week, the House of Representatives passed H.R. 749, the Eliminate Privacy Notice Confusion Act.  The bill is sponsored by Rep. Blaine Luetkemeyer (R-MO) and Rep. Brad Sherman (D-CA).  An earlier version of the bill passed the House in December but was never taken up by the Senate.  We previously covered similar legislation introduced by… Continue Reading

FTC Issues Report on Mobile Payments

Posted in Data Security, Federal Trade Commission, Financial Privacy, Mobile

Last Friday, the Federal Trade Commission released a report, Paper, Plastic…or Mobile?, on the use of mobile payments.  The report follows a workshop hosted by the FTC in April 2012 that explored innovative mobile payment products and services, the potential benefits offered by mobile payments, and the concerns they raise.  For purposes of the report, mobile… Continue Reading

FTC Study Details Inaccuracies in Credit Reports

Posted in Federal Trade Commission, Financial Institutions, Financial Privacy, United States

This week, the Federal Trade Commission released a study of the U.S. credit reporting industry and credit report accuracy.  The study found that five percent of consumers had errors on one of their three nationwide credit reports that could lead them to pay more for financial products.  The study is required under section 319 of the… Continue Reading

PCI Council Releases PCI-DSS Cloud Computing Guidelines

Posted in Cloud Computing, Financial Privacy, United States

On February 7, 2013, the Payment Card Industry (PCI) council released a supplement to the payment card industry data security standards (PCI-DSS) on the use of cloud technologies and considerations for maintaining PCI DSS controls in cloud environments.  The supplement is intended for merchants, service providers, assessors, and other entities in evaluating the use of cloud… Continue Reading

FFIEC Proposes Social Media Guidance

Posted in Financial Institutions, Financial Privacy, Social Media, United States

On January 22, 2013, the Federal Financial Institutions Examination Council proposed guidance on the applicability of consumer protection and compliance laws, regulations, and policies to activities conducted via social media by depository institutions.  The proposed guidance would not impose additional compliance obligations on institutions.  Instead, the guidance is intended to help financial institutions understand potential… Continue Reading

FDIC Highlights Mobile Payment Technologies and Related Risks

Posted in Financial Institutions, Financial Privacy, United States

In its most recent issue of the Supervisory Insights newsletter, the Federal Deposit Insurance Corporation (FDIC) describes mobile payment technologies, the risks they pose to depository institutions, and the regulatory framework applicable to such technologies.  The FDIC notes the widespread use of smartphones as a payment technology and the increasing availability of point-of-sale terminals equipped… Continue Reading

FTC Enters into Consent Order with Mobile Application Developers for Fair Credit Reporting Act Violations

Posted in Advertising & Marketing, Federal Trade Commission, Financial Privacy, Mobile, United States

Last week, the Federal Trade Commission entered into a consent order with two companies alleged to have operated as consumer reporting agencies, by providing criminal record reports through mobile applications, without complying with the Fair Credit Reporting Act (FCRA).  The consent order represents the FTC’s first FCRA case involving mobile applications.  According to the FTC’s complaint, Filiquarian… Continue Reading

FTC Announces Amended Rule on Identity Theft “Red Flags”

Posted in Congress, Creditors, Data Security, Federal Trade Commission, Financial Institutions, Financial Privacy, Red Flags, United States

On Friday, November 30, the Federal Trade Commission (FTC) issued an Interim Final Rule to amend its Red Flags Rule, which requires certain financial institutions and creditors to establish programs to detect, prevent and mitigate identity theft in connection with consumer accounts.  The Interim Final Rule narrows the definition of “creditor” in response to legislation… Continue Reading