Andrew Smith advises clients on retail financial services, data protection, advertising and consumer protection, technology, credit reporting, and e-commerce issues. He assists banks, non-bank lenders, technology companies, and their vendors with regulatory compliance, litigation, and transactional matters.

Prior to re-joining the firm, Andrew served as Director of the Bureau of Consumer Protection at the Federal Trade Commission (FTC), where he was focused on investigations and enforcement of privacy, data security, financial services, and marketing laws and regulations across a broad range of areas, including fair lending, technology platforms, digital advertising, payments, telemarketing, lead generation, affiliate marketing, consumer reporting, and small business financing. He also oversaw the Bureau’s extensive rulemaking and workshop proceedings, including on endorsement guides, security of financial data, subscription marketing, contact lenses, and children’s privacy. Additionally, he led the FTC’s COVID-19 pandemic-related enforcement and consumer education efforts. In a previous role as Assistant to the Director of the Bureau of Consumer Protection at the FTC, Andrew led a team of professionals to develop and draft ten rules and six studies under the Fair Credit Reporting Act.

Andrew represents clients before federal and state agencies—particularly the FTC and Consumer Financial Protection Bureau (CFPB)—in law enforcement and rulemaking proceedings. He regularly advises companies on the requirements of the GLBA, FCRA, DPPA, ECOA, FDCPA, TCPA and TSR, FTC Act, Dodd-Frank Act, and analogous state laws, including state insurance privacy laws and security breach notification requirements.

On June 23, Congressman Patrick McHenry released a discussion draft of new legislation to modernize federal financial data privacy law. The draft legislation would amend and build on the Gramm-Leach-Bliley Act (“GLBA”). The draft includes notable provisions on consumer rights, data minimization, and disclosures. It also updates the definition of “financial institution” to include data

Today, the Federal Trade Commission (FTC) announced that it anticipates proposing a privacy rulemaking this month, with comments closing in August.  This announcement follows the agency’s statement in December that it planned to begin a rulemaking to “curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.”