Mike Nonaka

Michael Nonaka is a partner in the firm’s Financial Institutions practice group. He represents banks and other financial institutions on a wide variety of bank regulatory, enforcement, legislative and policy issues.  Mr. Nonaka also is co-chair of the firm’s Fintech Initiative and works with a number of banks, lending companies, money transmitters, payments firms, technology companies, and service providers on innovative technologies such as big data, blockchain and related technologies, bitcoin and other virtual currencies, same day payments, and online lending.

FTC Releases Privacy Guide for Mobile Application Developers

The Federal Trade Commission has released a guide, Marketing Your Mobile App: Get It Right from the Start, to help mobile application developers comply with truth-in-advertising standards and privacy principles.  Although the guide is informal and not binding guidance, it does represent helpful FTC commentary.  The guide notes that a one-size-fits-all approach is not workable since … Continue Reading

FDIC Official Discusses Implementation of FFIEC Authentication Guidance

In an interview with Information Security Media Group, William Henley, Associate Director of the Federal Deposit Insurance Corporation’s (FDIC) Technology Supervision Branch, discussed the status of the banking industry’s implementation of FFIEC authentication guidance released in July 2011.  Henley generally said that the industry was working towards compliance and offered that FDIC examiners at this stage … Continue Reading

Illinois Prohibits Employers from Requesting Employees’ Social Networking Passwords

On August 1, Illinois became the second state in the country to prohibit employers from requesting or requiring employees to provide their passwords for social networking accounts.  As reported in this blog, Maryland adopted similar legislation in April.  The bill (HB 3782) was signed into law by Illinois Governor Pat Quinn and will become effective on … Continue Reading

Senate Hearing Considers Updates to 1974 Privacy Act

Yesterday, the Senate Homeland Security and Government Affairs Committee’s subcommittee on Oversight of Government Management held a hearing to consider updates to the Privacy Act of 1974.  The Privacy Act of 1974 governs federal government agencies’ collection, use, and transfer of individuals’ personal information.  In general, the Act limits federal agencies’ disclosure of such information from … Continue Reading

CFPB Issues Rule to Supervise Larger Participants in Consumer Reporting Market

The Consumer Financial Protection Bureau (CFPB) has issued a final rule to implement its authority under section 1024 of Dodd-Frank to subject “larger participants” in the consumer reporting market to CFPB supervision.  The rule will have significant consequences for companies in the consumer reporting industry.  The final rule follows a proposed rule issued in February … Continue Reading

FFIEC Issues Risk Management Guidance for Cloud Computing

On July 10, the Federal Financial Institutions Examination Council (FFIEC) issued risk management guidance for depository institutions’ use of cloud computing.  The guidance defines cloud computing generally as “a migration from owned resources to shared resources in which client users receive information technology services, on demand, from third-party service providers via the Internet ‘cloud.’”  The guidance also … Continue Reading

Health Officials Emphasize Data Security for Providers’ Mobile Devices

Recently, officials from the Office of the National Coordinator for Health Information Technology (ONC) in the Department of Health and Human Services stressed the need for data security in connection with providers’ use of mobile devices for health care delivery.  Approximately 81 percent of physicians use smart phones or mobile devices.  The need for data … Continue Reading

Settlement Reached in Data Security Breach Lawsuit Against Bank

Yesterday, Village View, Inc. reached a settlement with Professional Business Bank, a California state-chartered bank subject to regulation by the Federal Deposit Insurance Corporation (FDIC), over the company’s lawsuit against the bank arising from a data security breach.  In March 2010, Village View lost nearly $400,000 after the company’s bank account was compromised by hackers.  … Continue Reading

FTC Enters into Consent Order with Spokeo over Fair Credit Reporting Act Violations

Yesterday, the Federal Trade Commission entered into a consent decree with Spokeo, Inc., for violations of the Fair Credit Reporting Act.  As reflected in the FTC staff blog post, the FTC’s action against Spokeo is the first FCRA case to address the sale of data collected from online sources, including social media, in the context of employee … Continue Reading

PCI Council Issues Guidance for Mobile Payment Acceptance

Yesterday, the Payment Card Industry Council issued guidance for merchants using smartphones or tablets to accept payments from customers.  The guidance follows up on the PCI Council Chairman’s pledge in February, as reported in this blog, to make mobile payments a top priority.  Payment card readers that can be attached to a smartphone or tablet have become … Continue Reading

Canadian Privacy Commissioner Issues Guidance under PIPEDA

Last week, the Office of the Privacy Commissioner in Canada (OPC) issued important guidance under Canada’s national privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA).  The guidance highlights various scenarios in which PIPEDA applies based on judicial opinions and previous OPC interpretations.  In general, PIPEDA applies to the personal information that an … Continue Reading

Fiserv Releases White Paper on Multi-Channel Banking

On April 4, 2012, Fiserv, one of the largest payment processing service providers for the banking industry, released a white paper analyzing the current state of multi-channel banking, which is a consumer’s use of more than one channel to conduct banking activities.  The white paper, titled “Snacking, Lunching and Fine Dining: How Mobile is Reshaping … Continue Reading

Federal Reserve Official Testifies Before Congress on Mobile Financial Services

On March 29, 2012, Director of the Federal Reserve’s Division of Consumer and Community Affairs Sandra Braunstein testified before the Senate Banking Committee on consumers’ use of mobile financial services.  Ms. Braunstein distinguished between “mobile banking,” which is a consumer’s use of a mobile device to interact with a financial institution, including checking balances and transferring … Continue Reading

New PCI Council Chairman Establishes Mobile Payments as Top Priority for 2012

Newly-appointed chairman of the PCI Security Standards Council, Michael Mitchell, recently reiterated the importance of data security for mobile payments technology and the Council’s priority in studying and advising the industry on such technology.  Chairman Mitchell pointed out the sharp increase in mobile payments but also a lag in security technology protecting such payments.  “The adoption of … Continue Reading

FTC Raises Fair Credit Reporting Act Concerns with Background Screening Application Marketers

On February 7, 2012, the Federal Trade Commission sent letters to six marketers of mobile applications that provide background screening services.  The applications, including “Police Records,” “Criminal Pages,” and “Locate Anyone,” provide criminal record histories that, if used for employment or other Fair Credit Reporting Act (FCRA)-related purposes, may subject the marketers to treatment as … Continue Reading

U.S. Supreme Court Rules CROA Does Not Override Arbitration Clauses

On January 10, the U.S. Supreme Court ruled in CompuCredit Corp. et al. v. Wanda Greenwood et al. that the Credit Repair Organizations Act (“CROA”) does not override arbitration clauses in agreements between consumers and credit repair organizations.  The CROA prohibits credit repair organizations (i.e., companies that seek to improve a consumer’s credit history or … Continue Reading

FFIEC Authentication Guidance to be a Hot Topic in 2012

Last year, the Federal Financial Institutions Examination Council (FFIEC) released a much-anticipated supplement to its Authentication in an Internet Banking Environment guidance.  The supplement updates the FFIEC’s supervisory expectations regarding depository institutions’ customer authentication, layered security, and other controls for Internet banking.  Starting this year, FFIEC information technology examinations will include reviews for compliance with … Continue Reading

NIST Releases Draft Roadmap for the U.S. Government’s Implementation of Cloud Technology

Last week, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) released for public comment a draft roadmap for implementing cloud computing technology across U.S. government agencies.  The roadmap is intended to foster adoption of cloud computing by federal agencies, reduce uncertainty surrounding cloud computing by improving the information available to policymakers, and facilitate … Continue Reading

PCI Council Opens Feedback Period for PCI-DSS and PA-DSS Versions 2.0

On Tuesday, the Payment Card Industry Security Standards Council announced that it was opening the formal feedback period for versions 2.0 of the Payment Card Industry Data Security Standard (“PCI-DSS”) and Payment Application Data Security Standard (“PA-DSS”), which were issued in October 2010 and will become effective exclusively when versions 1.2.1 are officially retired on December … Continue Reading

CFPB Supervision and Examination Manual Provides Procedures for Examining Compliance with Financial Privacy Laws

In mid-October 2011, the Consumer Financial Protection Bureau (CFPB) released version 1.0 of its Supervision and Examination Manual.  Pursuant to Dodd-Frank, the CFPB has primary examination authority for compliance with federal consumer financial laws over banks having $10 billion or more in assets and their affiliates, such as banks’ service providers, as well as certain … Continue Reading

Senator Rockefeller Requests Information Regarding Visa and Mastercard Data Collection Practices and Proposals

On October 27, 2011, Senator John D. Rockefeller, chairman of the Senate Commerce, Science, and Transportation Committee, sent letters to Visa and Mastercard requesting information regarding the companies’ data collection and aggregation practices and proposals.  An October 25, 2011, Wall Street Journal article outlined various initiatives from the two companies pertaining to online behavioral advertising.  Senator … Continue Reading

Verizon Report Concludes that Industry’s Compliance with PCI Standards Remains Low

In a report released on September 28, 2011, Verizon concluded that only 21 percent of organizations subject to the payment card industry’s data security standards (PCI-DSS) were fully compliant with PCI-DSS.  Verizon’s prior report found that 22 percent of organizations were fully compliant with PCI-DSS.  The PCI-DSS consist of 12 requirements relating to an organization’s information … Continue Reading

The Office of Financial Research and Legal Entity Identifiers

As covered in our earlier blog post, the Dodd-Frank Wall Street Reform and Consumer Protection Act establishes the Office of Financial Research (OFR) to collect and analyze U.S. financial data for financial regulators.  The OFR is tasked with, among other responsibilities, supporting the Financial Stability Oversight Council’s oversight of systemic risk, developing tools for measuring risk … Continue Reading

PCI Point-to-Point Encryption Standards May Simplify Compliance

Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions.  P2PE providers develop for merchants point-of-sale hardware such as payment card readers and electronic cash registers that completely encrypt payment card data from the point the card … Continue Reading