On March 2, 2016, the Consumer Financial Protection Bureau (CFPB) entered into a consent order with online payment systems operator Dwolla, Inc., based on allegations that Dwolla deceived consumers about its data security practices and the safety of its online payment system. The CFPB brought this action under its authority in Sections 1031(a) and 1036(a)(1)

By Caleb Skeath

At a recent IAPP privacy event, officials from the FTC and CFPB offered insight into their respective agencies’ future enforcement plans, as well as the shifting landscape of privacy enforcement actions.  Although such enforcement actions have historically been the domain of the FTC, the FCC recently entered the privacy enforcement arena, announcing a $10 million fine against two telecommunications carriers on October 24 for failing to protect customer data.  While the FTC has broad authority under Section 5 to police unfair and deceptive acts and practices, the FCC relied on its authority under Section 201(b) to prohibit “unjust or unreasonable” practices to support its recent enforcement action.  The FCC also announced on October 28 that it joined the Global Privacy Enforcement Network, an organization dedicated to fostering cross-border cooperation among privacy authorities. Prior to the FCC’s joining the Network, the FTC was the only U.S. member.

Continue Reading Officials Comment on the Future of FTC, FCC, and CFPB Privacy Enforcement Authority

By Ani Gevorkian

On Monday, the Consumer Financial Protection Bureau (CFPB) finalized a rule that promotes more effective privacy disclosures and saves the financial services industry around $17 million dollars.  The new rule permits financial institutions that restrict data-sharing to post their annual privacy notices online rather than delivering them to customers individually.  The rule will be effective as soon as it is published in the Federal Register. 

Under the Gramm-Leach-Bliley Act (GBLA), a financial institution generally must send annual privacy notices to customers that describe whether and how the financial institution shares their nonpublic personal information.  An institution that shares this information with unaffiliated third parties generally must notify customers of their right to opt out of the sharing and provide instructions on how to do so.

Under the new rule, a financial institution may meet GBLA requirements by posting privacy notices online instead of distributing an annual paper copy, as long as the institution adheres to certain requirements.  For instance, the institution may not share data in ways that trigger customers’ opt-out rights.  They must also continue to send notices through existing delivery methods if the policies’ terms change or if a customer with limited internet access requests by phone to receive a notice.
Continue Reading CFPB Finalizes Rule to Allow Online Privacy Disclosures from Financial Institutions

On May 6, 2014, the Consumer Financial Protection Bureau (“CFPB”) proposed a rule to modify the notice provisions of Regulation P, which implements the financial privacy provisions of the Gramm-Leach-Bliley Act (“GLBA”).

Regulation P requires financial institutions to deliver an annual privacy notice to customers, which is often accomplished through a direct mailing to the customer.  The proposed rule would allow a financial institution to meet this annual privacy notice delivery requirement, in certain circumstances, by continuously posting the privacy notice on its website in a clear and conspicuous manner (described as the “proposed alternative delivery method” in the proposed rule), and providing the customer with a clear and conspicuous annual disclosure that (i) the privacy notice has not changed, (ii) the notice is available on the institution’s website, and (iii) the customer may request a mailed copy of the notice by calling a toll-free number.

Continue Reading CFPB Proposes Revised Financial Privacy Rule

Last week, the Government Accountability Office (GAO) agreed to review the Consumer Financial Protection Bureau’s (CFPB) collection and analysis of consumer credit records in response to a request from Senator Mike Crapo (R-ID).  In a letter to the GAO Comptroller General, Sen. Crapo requested that the GAO investigate “CFPB’s data collection to determine its purpose

Earlier this month, the Consumer Financial Protection Bureau (CFPB) posted its semi-annual update of its rulemaking agenda for the coming 12-month regulatory cycle, including recently-completed rulemakings.  The rulemaking agenda is part of a broader initiative led by the Office of Management and Budget (OMB) to publish a Unified Agenda of federal regulatory and deregulatory actions

Last week, the Consumer Financial Protection Bureau (CFPB) announced that it had established a process for assisting consumers with credit reporting complaints.  The CFPB previously had implemented similar processes for complaints relating to credit cards, mortgages, bank accounts and services, private student loans, vehicle, and other consumer loans.  The complaint process is intended to complement

Last week, the Consumer Financial Protection Bureau (CFPB) released a study comparing credit scores sold to creditors and those sold to consumers.  The study found that approximately 1 in 5 consumers would, upon purchasing their credit score from a consumer reporting agency, receive a different credit score than the score provided to creditors for use

The Consumer Financial Protection Bureau (CFPB) has issued a final rule to implement its authority under section 1024 of Dodd-Frank to subject “larger participants” in the consumer reporting market to CFPB supervision.  The rule will have significant consequences for companies in the consumer reporting industry.  The final rule follows a proposed rule issued in February 2012 indicating that the CFPB intended to supervise the consumer reporting market as part of the CFPB’s authority to supervise nonbank providers of consumer financial products and services.  The final rule is effective September 30, 2012. 

The final rule defines a “larger participant” in the consumer reporting market as a nonbank covered person that offers or provides consumer reporting and has annual receipts from consumer reporting in excess of $7 million.

Continue Reading CFPB Issues Rule to Supervise Larger Participants in Consumer Reporting Market

In mid-October 2011, the Consumer Financial Protection Bureau (CFPB) released version 1.0 of its Supervision and Examination Manual.  Pursuant to Dodd-Frank, the CFPB has primary examination authority for compliance with federal consumer financial laws over banks having $10 billion or more in assets and their affiliates, such as banks’ service providers, as well as