Tag Archives: Financial Privacy

The Office of Financial Research and Legal Entity Identifiers

As covered in our earlier blog post, the Dodd-Frank Wall Street Reform and Consumer Protection Act establishes the Office of Financial Research (OFR) to collect and analyze U.S. financial data for financial regulators.  The OFR is tasked with, among other responsibilities, supporting the Financial Stability Oversight Council’s oversight of systemic risk, developing tools for measuring risk … Continue Reading

PCI Point-to-Point Encryption Standards May Simplify Compliance

Earlier this month, the Payment Card Industry Council (“PCI”) unveiled the first set of point-to-point encryption (“P2PE”) standards designed for providers of P2PE hardware-based encryption and decryption solutions.  P2PE providers develop for merchants point-of-sale hardware such as payment card readers and electronic cash registers that completely encrypt payment card data from the point the card … Continue Reading

Congressional Hearing Panelists Discuss Financial Privacy Implications of the Newly Established Office of Financial Research

Yesterday, a subcommittee of the House Financial Services Committee held a hearing to discuss cybersecurity and security threats to the financial sector.  The panelists included officials from the Secret Service, Federal Bureau of Investigation, and Department of Homeland Security, as well as representatives from Verizon, Symantec, Bank of America, and public interest organizations.  The panelists … Continue Reading

CFTC Issues Final Rule Extending Financial Privacy Requirements to Swap Dealers and Major Swap Participants

The Commodity Futures Trading Commission (“CFTC”) recently approved a final rule broadening the scope of the CFTC’s financial privacy regulations under the Gramm-Leach-Bliley Act (“GLBA”) to include “swap dealers” and “major swap participants,” two types of entities created by and subject to regulation under Dodd-Frank.  GLBA requires financial institutions to, among other requirements, establish safeguards … Continue Reading

CFPB Opens for Business

Today, the Consumer Financial Protection Bureau (“CFPB”) assumed certain powers and authorities set forth in Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act.  The CFPB is tasked with implementing and enforcing Federal consumer financial laws to ensure that consumers have access to markets for consumer financial products and services, and that … Continue Reading

Connecticut Latest State to Prohibit Employers from Using Credit Reports in Employment Decisions

On July 13, 2011, Connecticut adopted a law prohibiting certain employers from using employees’ or prospective employees’ credit report information in making employment or hiring decisions.  Hawaii, Illinois, Oregon, Washington, and Maryland also have statutes that prohibit employers’ use of credit report information for employment purposes.  Other states currently considering similar legislation include California, New … Continue Reading

Flurry of Privacy Bills Introduced in Congress; More to Come?

In light of the number of privacy and data security-related bills currently being considered by Congress, we thought it might be helpful to provide a roundup of the legislation introduced or circulated to date: Comprehensive privacy legislation: BEST PRACTICES Act, H.R. 611 (Rep. Rush): introduced Feb. 10, 2011.  Referred to the House Subcommittee on Commerce, … Continue Reading

SWIFT Messaging Raises Unique Financial Privacy Issues

The Society for Worldwide Interbank Financial Telecommunication, or SWIFT, provides an organizational platform for facilitating international payments.  U.S. and foreign financial institutions use SWIFT messages to initiate, process, receive, and settle payment orders.  The amount of information exchanged via SWIFT is immense.  More than 9,000 financial institutions in 209 countries rely on SWIFT to process … Continue Reading

SEC Imposes Fines under Regulation S-P for the First Time

On April 7, 2011, the Securities and Exchange Commission announced a total of $55,000 in fines against three former executives of a securities broker-dealer for violations of the privacy and safeguard rules in Regulation S-P.  The fines mark the first time the SEC has imposed administrative fines for violations of these rules.  Copies of the … Continue Reading

State Bills to Restrict Employer Use of Employee Credit Reports Grow in Number

As we reported in a prior post, there is a developing legislative trend to restrict employers’ use of credit report information in making adverse employment decisions (e.g., hiring, promotion, termination) regarding prospective or current employees.  There are currently 18 states considering legislation in this area: California, Indiana, Kentucky, Missouri, Nebraska, New Mexico, New York, Texas, … Continue Reading

Federal and State Legislation to Restrict Employer Use of Employee Credit Reports

On January 19, U.S. Representative Steve Cohen (D-TN) introduced H.R. 321, the “Equal Employment for All Act,” which would amend the Fair Credit Reporting Act to restrict employers from using consumer credit reports to make adverse employment decisions (e.g., hiring, promotion, termination) regarding prospective or current employees.  The Act contains exceptions for, among other scenarios, … Continue Reading

Consumer Financial Protection Bureau Publishes Notice of “Consumer Inquiry and Complaint Database”

The deadline to submit comments in response to the Consumer Financial Protection Bureau (CFPB) Implementation Team’s notice to establish the “Consumer Inquiry and Complaint Database” is less than two weeks away.  Title X of the Dodd-Frank Act establishes the CFPB to enforce federal consumer financial laws through rulemaking, supervision, and enforcement authority.  Dodd-Frank grants the … Continue Reading

Remote Deposit Capture Services Present Opportunity and Risk

According to a Federal Deposit Insurance Corporation survey of depository institutions, approximately 38 percent of institutions offer some form of remote deposit capture (RDC) service.  RDC enables a customer to deposit checks and other items electronically through the internet or the customer’s mobile phone.  The service was first authorized in 2004 when Congress passed the … Continue Reading

Federal Trade Commission Provides Initial Interpretation of the Red Flags Clarification Act in Litigation with the American Bar Association

We recently covered the Red Flag Program Clarification Act of 2010 in a blog post and client alert.  The Act was intended to narrow the scope of the Federal Trade Commission’s Red Flags rule, which imposes requirements on creditors and financial institutions to detect and deter identity theft.  Prior to the Act’s passage, the American … Continue Reading

U.S. Supreme Court Denies Cert in Seventh Circuit Case Involving FACTA and E-Commerce

Yesterday, the U.S. Supreme Court refused to reconsider Shlahtichman v. 1-800 Contacts Inc., in which the U.S. Court of Appeals for the Seventh Circuit held that an email confirmation of an online purchase is not “electronically printed” for purposes of the Fair and Accurate Credit Transactions Act of 2003 (“FACTA”).  Among other restrictions, FACTA prohibits … Continue Reading

Administration Announces Office to Build “Identity Ecosystem”

The White House is establishing a new office to work with industry to develop an online “identity ecosystem” in which consumers and businesses can transact securely and privately without the need for passwords.  U.S. Commerce Secretary Gary Locke and White House Cybersecurity Coordinator Howard Schmidt recently announced plans to create the new “National Program Office,” … Continue Reading

New Law Restricts Misleading Online Sales Practices

On December 29, President Obama signed the “Restore Online Shoppers’ Confidence Act” into law.  The legislation prohibits e-commerce retailers from passing customers’ billing information to post-transaction third-party sellers, and also requires post-transaction sellers to meet certain requirements before charging consumers’ financial accounts.  Specifically, the post-transaction seller must (1) disclose all material terms of the transaction, including … Continue Reading

President Signs Into Law Legislation Narrowing Scope of Red Flags Rule

Over the weekend, President Obama signed into law the “Red Flag Program Clarification Act of 2010.”  The Act is intended to narrow the types of entities that are subject to the Federal Trade Commission’s Red Flags rule, which requires financial institutions and creditors to take certain steps to prevent identity theft.  More information on the … Continue Reading

President to Sign Into Law Legislation Narrowing Scope of Red Flags Rule

Last week, Congress delivered to President Obama for his signature the “Red Flag Program Clarification Act of 2010,” which is intended to narrow the types of entities that are subject to the Federal Trade Commission’s Red Flags rule.  The Red Flags rule requires “financial institutions” and “creditors” to establish programs to detect, prevent, and mitigate … Continue Reading