Updates on Developments in Data Privacy and Cybersecurity
Yesterday, Village View, Inc. reached a settlement with Professional Business Bank, a California state-chartered bank subject to regulation by the Federal Deposit Insurance Corporation (FDIC), over the company’s lawsuit against the bank arising from a data security breach. In March 2010, Village View lost nearly $400,000 after the company’s bank…
Continue Reading Settlement Reached in Data Security Breach Lawsuit Against Bank
Last week, Rep. Blaine Luetkemeyer (R-MO) introduced legislation (H.R. 5817) to limit the obligations of certain financial institutions to provide an annual privacy notice to consumers. Under the Gramm-Leach-Bliley Act (“GLBA”), financial institutions must provide customers an initial privacy notice and, for the duration of a customer relationship, an annual privacy notice that describes the company’s information-sharing practices. While anything is possible in Washington, particularly in a Presidential election year, the expectation is that this bill is unlikely to progress to enactment.
Under H.R. 5817, a financial institution would not be obligated to provide customers with an annual privacy notice so long as the company shares information only in certain limited respects (that are more narrow than those permitted under federal law) and provided that the company has not changed its privacy policies or practices from those disclosed in its most recent privacy notice. Specifically, the carve-out would only be available to those financial institutions that do not share information in either of the following respects:Continue Reading Proposed Bill Would Limit Annual Privacy Notice Requirement Under GLBA
The Federal Trade Commission has announced that it will host a workshop on April 26, 2012, to discuss mobile payments. In addition to exploring payment technologies and business models, the workshop will likely cover consumer protection issues such as the risks of financial loss, the need for information disclosures, data…
Last year, the Federal Financial Institutions Examination Council (FFIEC) released a much-anticipated supplement to its Authentication in an Internet Banking Environment guidance. The supplement updates the FFIEC’s supervisory expectations regarding depository institutions’ customer authentication, layered security, and other controls for Internet banking. Starting this year, FFIEC information technology examinations will…
Continue Reading FFIEC Authentication Guidance to be a Hot Topic in 2012
In mid-October 2011, the Consumer Financial Protection Bureau (CFPB) released version 1.0 of its Supervision and Examination Manual. Pursuant to Dodd-Frank, the CFPB has primary examination authority for compliance with federal consumer financial laws over banks having $10 billion or more in assets and their affiliates, such as banks&rsquo…
As covered in our earlier blog post, the Dodd-Frank Wall Street Reform and Consumer Protection Act establishes the Office of Financial Research (OFR) to collect and analyze U.S. financial data for financial regulators. The OFR is tasked with, among other responsibilities, supporting the Financial Stability Oversight Council’s oversight of…
Continue Reading The Office of Financial Research and Legal Entity Identifiers
The Commodity Futures Trading Commission (“CFTC”) recently approved a final rule broadening the scope of the CFTC’s financial privacy regulations under the Gramm-Leach-Bliley Act (“GLBA”) to include “swap dealers” and “major swap participants,” two types of entities created by and subject to regulation under Dodd-Frank. GLBA requires financial institutions to, among other requirements, establish safeguards to ensure the security and confidentiality of consumer records and to comply with certain requirements governing the disclosure of consumers’ personal information. Swap dealers and major swap participants are expected to collect and use nonpublic personal information in a similar manner as financial institutions currently subject to GLBA’s financial privacy requirements. The CFTC’s rule simply extends the financial privacy requirements to swap dealers and major swap participants.
The final rule becomes effective 60 days after the CFTC finalizes its regulations further defining the terms “swap dealer” and “major swap participant.” On December 21, 2010, the CFTC issued proposed regulations with respect to these definitions. The proposed definitions of these terms under the Dodd-Frank statute appear after the jump.Continue Reading CFTC Issues Final Rule Extending Financial Privacy Requirements to Swap Dealers and Major Swap Participants
Today, the Consumer Financial Protection Bureau (“CFPB”) assumed certain powers and authorities set forth in Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act. The CFPB is tasked with implementing and enforcing Federal consumer financial laws to ensure that consumers have access to markets for consumer financial…
The Federal Financial Institutions Examination Council (FFIEC) released the long-awaited supplement to its authentication guidance, Authentication in an Internet Banking Environment. The supplement represents the most current and authoritative guidance regarding data security in connection with online banking platforms.
Here are a few highlights of the supplement:
…
Continue Reading FFIEC Releases Supplement to Authentication Guidance
The Society for Worldwide Interbank Financial Telecommunication, or SWIFT, provides an organizational platform for facilitating international payments. U.S. and foreign financial institutions use SWIFT messages to initiate, process, receive, and settle payment orders. The amount of information exchanged via SWIFT is immense. More than 9,000 financial institutions in 209 countries…
Continue Reading SWIFT Messaging Raises Unique Financial Privacy Issues
