On April 25, 2023, four federal agencies — the Department of Justice (“DOJ”), Federal Trade Commission (“FTC”), Consumer Financial Protection Bureau (“CFPB”), and Equal Employment Opportunity Commission (“EEOC”) — released a joint statement on the agencies’ efforts to address discrimination and bias in automated systems. Continue Reading DOJ, FTC, CFPB, and EEOC Statement on Discrimination and AI
CFPB
CFPB Issues $100,000 Fine in First-Ever Data Security Enforcement Action
On March 2, 2016, the Consumer Financial Protection Bureau (CFPB) entered into a consent order with online payment systems operator Dwolla, Inc., based on allegations that Dwolla deceived consumers about its data security practices and the safety of its online payment system. The CFPB brought this action under its authority…
Continue Reading CFPB Issues $100,000 Fine in First-Ever Data Security Enforcement Action
Officials Comment on the Future of FTC, FCC, and CFPB Privacy Enforcement Authority
By Caleb Skeath
At a recent IAPP privacy event, officials from the FTC and CFPB offered insight into their respective agencies’ future enforcement plans, as well as the shifting landscape of privacy enforcement actions. Although such enforcement actions have historically been the domain of the FTC, the FCC recently entered the privacy enforcement arena, announcing a $10 million fine against two telecommunications carriers on October 24 for failing to protect customer data. While the FTC has broad authority under Section 5 to police unfair and deceptive acts and practices, the FCC relied on its authority under Section 201(b) to prohibit “unjust or unreasonable” practices to support its recent enforcement action. The FCC also announced on October 28 that it joined the Global Privacy Enforcement Network, an organization dedicated to fostering cross-border cooperation among privacy authorities. Prior to the FCC’s joining the Network, the FTC was the only U.S. member.Continue Reading Officials Comment on the Future of FTC, FCC, and CFPB Privacy Enforcement Authority
CFPB Finalizes Rule to Allow Online Privacy Disclosures from Financial Institutions
By Ani Gevorkian
Under the Gramm-Leach-Bliley Act (GBLA), a financial institution generally must send annual privacy notices to customers that describe whether and how the financial institution shares their nonpublic personal information. An institution that shares this information with unaffiliated third parties generally must notify customers of their right to opt out of the sharing and provide instructions on how to do so.
Under the new rule, a financial institution may meet GBLA requirements by posting privacy notices online instead of distributing an annual paper copy, as long as the institution adheres to certain requirements. For instance, the institution may not share data in ways that trigger customers’ opt-out rights. They must also continue to send notices through existing delivery methods if the policies’ terms change or if a customer with limited internet access requests by phone to receive a notice.
Continue Reading CFPB Finalizes Rule to Allow Online Privacy Disclosures from Financial Institutions
CFPB Proposes Revised Financial Privacy Rule
On May 6, 2014, the Consumer Financial Protection Bureau (“CFPB”) proposed a rule to modify the notice provisions of Regulation P, which implements the financial privacy provisions of the Gramm-Leach-Bliley Act (“GLBA”).
Regulation P requires financial institutions to deliver an annual privacy notice to customers, which is often accomplished through a direct mailing to the customer. The proposed rule would allow a financial institution to meet this annual privacy notice delivery requirement, in certain circumstances, by continuously posting the privacy notice on its website in a clear and conspicuous manner (described as the “proposed alternative delivery method” in the proposed rule), and providing the customer with a clear and conspicuous annual disclosure that (i) the privacy notice has not changed, (ii) the notice is available on the institution’s website, and (iii) the customer may request a mailed copy of the notice by calling a toll-free number.Continue Reading CFPB Proposes Revised Financial Privacy Rule
GAO to Review CFPB Data Collection Initiative
Last week, the Government Accountability Office (GAO) agreed to review the Consumer Financial Protection Bureau’s (CFPB) collection and analysis of consumer credit records in response to a request from Senator Mike Crapo (R-ID). In a letter to the GAO Comptroller General, Sen. Crapo requested that the GAO investigate “CFPB’s data…
Continue Reading GAO to Review CFPB Data Collection Initiative
CFPB Rulemaking Agenda Includes Potential Changes to GLBA Annual Privacy Notice Requirement
Earlier this month, the Consumer Financial Protection Bureau (CFPB) posted its semi-annual update of its rulemaking agenda for the coming 12-month regulatory cycle, including recently-completed rulemakings. The rulemaking agenda is part of a broader initiative led by the Office of Management and Budget (OMB) to publish a Unified Agenda of…
CFPB Offers Assistance for Consumer Credit Reporting Complaints
Last week, the Consumer Financial Protection Bureau (CFPB) announced that it had established a process for assisting consumers with credit reporting complaints. The CFPB previously had implemented similar processes for complaints relating to credit cards, mortgages, bank accounts and services, private student loans, vehicle, and other consumer loans. The complaint…
Continue Reading CFPB Offers Assistance for Consumer Credit Reporting Complaints
CFPB Study Assesses Differences in Credit Scores Sold to Consumers and Creditors
Last week, the Consumer Financial Protection Bureau (CFPB) released a study comparing credit scores sold to creditors and those sold to consumers. The study found that approximately 1 in 5 consumers would, upon purchasing their credit score from a consumer reporting agency, receive a different credit score than the score…
Continue Reading CFPB Study Assesses Differences in Credit Scores Sold to Consumers and Creditors
CFPB Issues Rule to Supervise Larger Participants in Consumer Reporting Market
The Consumer Financial Protection Bureau (CFPB) has issued a final rule to implement its authority under section 1024 of Dodd-Frank to subject “larger participants” in the consumer reporting market to CFPB supervision. The rule will have significant consequences for companies in the consumer reporting industry. The final rule follows a proposed rule issued in February 2012 indicating that the CFPB intended to supervise the consumer reporting market as part of the CFPB’s authority to supervise nonbank providers of consumer financial products and services. The final rule is effective September 30, 2012.
The final rule defines a “larger participant” in the consumer reporting market as a nonbank covered person that offers or provides consumer reporting and has annual receipts from consumer reporting in excess of $7 million.Continue Reading CFPB Issues Rule to Supervise Larger Participants in Consumer Reporting Market