Tag Archives: Financial Information

Overlap Between the GDPR and PSD2

By Bruce Bennett, Carlo Kostka, Charlotte Hill, Craig Pollack, Dan Cooper, Gemma Nash, Kristof Van Quathem, Mark Young, and Sophie Bertin

The EU Payment Services Directive (PSD2), which took effect on January 13, 2018, puts an obligation on banks to give Third Party Providers (TPPs) access to a customer’s payment account data, provided the customer expressly … Continue Reading

Financial Industry Regulators Increase Data Security Oversight

On Wednesday, December 10, 2014, financial industry regulatory and enforcement agencies issued statements that their organizations will increase scrutiny of financial industry cybersecurity practices going forward. In New York, the State’s Department of Financial Services Superintendent Benjamin Lawsky issued new guidelines to banks, detailing how their cybersecurity practices would be evaluated. The memorandum—sent to all … Continue Reading

GAO Report Details CFPB’s Large-Scale Data Collection Practices, Identifies Shortcomings

This week, the Government Accountability Office (“GAO”) released a report recommending eleven actions the Consumer Financial Protection Bureau (“CFPB”) should take to enhance the privacy and security of its ongoing data collections.  The report also provides a detailed look at the increasingly large volume of information that CFPB collects, and how the agency’s data collection … Continue Reading

CFPB Proposes Revised Financial Privacy Rule

On May 6, 2014, the Consumer Financial Protection Bureau (“CFPB”) proposed a rule to modify the notice provisions of Regulation P, which implements the financial privacy provisions of the Gramm-Leach-Bliley Act (“GLBA”). Regulation P requires financial institutions to deliver an annual privacy notice to customers, which is often accomplished through a direct mailing to the … Continue Reading

Is Korea Moving Towards EU-Style Legislation for Financial Institutions?

By Hee-Eun Kim and Monika Kuschewsky

In January 2014, a massive data leak of some 104 million credit card accounts shocked South Korea. The number of affected accounts was twice the population of South Korea. The incident arose when a temporary employee of a personal credit rating agency that manages personal financial … Continue Reading

FTC Finalizes Settlements with Companies for Exposing Sensitive Consumer Information through Installation of Peer-to-Peer File Sharing Software

On October 26, 2012, the FTC finalized settlements with Georgia auto dealer Franklin Budget Car Sales, Inc. and Utah-based debt collector EPN Inc. over charges that each company illegally exposed sensitive personal information of consumers by allowing peer-to-peer (P2P) file-sharing software to be installed on their corporate computer systems.  The final settlements follow a notice-and-comment period … Continue Reading

First Circuit Finds Bank’s Online-Security Procedures ‘Commercially Unreasonable’

A bank that required a commercial customer to answer “challenge questions” for virtually all online payments and that did not implement other common security measures failed to provide a commercially reasonable level of security, the U.S. Court of Appeals for the First Circuit ruled this week. The case arose when unknown hackers were able to … Continue Reading

FCC, Companies Announce Mobile Device Anti-Theft Database

Earlier this week, Federal Communications Commission Chairman Julius Genachowski, together with major U.S. wireless carriers and chiefs of police, announced a plan to develop databases that will allow consumers whose mobile devices have been stolen to render the devices inoperable on mobile networks.  The database will be created over the next eighteen months.  Using the … Continue Reading

PCI Council Opens Feedback Period for PCI-DSS and PA-DSS Versions 2.0

On Tuesday, the Payment Card Industry Security Standards Council announced that it was opening the formal feedback period for versions 2.0 of the Payment Card Industry Data Security Standard (“PCI-DSS”) and Payment Application Data Security Standard (“PA-DSS”), which were issued in October 2010 and will become effective exclusively when versions 1.2.1 are officially retired on December … Continue Reading

Banks Explore Advertising On Customer Bank Statements

The Washington Post has published an article describing a relatively new arena for behavioral advertising: your online bank statement.  Participating banks serve marketing to their customers based on the customer’s spending history.  These promotions may be particularly valuable to advertisers because they are targeted based on how a customer actually spends his or her money and because customers can … Continue Reading