CFPB Issues Advanced Notice of Proposed Rulemaking on Section 1033 for Consumer-Authorized Access to Financial DataOn October 22, 2020, the CFPB issued an advance notice of proposed rulemaking (ANPR) soliciting comments on implementation of Section 1033 of the Dodd-Frank Act. As outlined in the ANPR, Section 1033 will require consumer financial service providers to give consumers access to financial account data in a usable electronic format. This data includes information

The Perils of Responding to Cyber-Incidents Just Got More ComplicatedIt’s 8 a.m., and you just learned that a material cyber-incident occurred in your organization. You fire up your Incident Response Plan. You engage outside counsel, and outside counsel engages a forensic firm. Your company, your outside counsel, and your forensic firm all sign an agreement that the forensic firm will work at the direction

What You Need to Know About Address Confidentiality Programs

The High-Stakes Compliance Risk You Probably Haven’t Heard Of

This is the first installment in Bradley’s series on Address Confidentiality Programs.

While many businesses have been focused on CCPA compliance, there is another set of state privacy laws that may be flying under your organization’s radar. These lesser known statutes are often referred to as

Tracking Privacy: State Developments to Keep an Eye OnWe are a little more than two weeks into the new year and we’ve already seen several states introduce comprehensive privacy legislation on the heels of California’s Consumer Privacy Act (CCPA). It is no easy task to stay on top of (potentially) 50 different privacy requirements, each with differing applicability standards, definitions, requirements, obligations, and

Data Modeling Remains Auto Finance Target in CFPB’s Fair Lending GovernanceThe Consumer Financial Protection Bureau made it clear that it will continue to target auto finance lenders as one of its top supervisory and enforcement priorities in the Fair Lending Report of the Bureau of Consumer Financial Protection , which was released in June 2019.  In addition to adding student loan origination to its watchdog

California’s Bot Transparency Law Goes into Effect on July 1, 2019California wants to ensure that consumers know what they are talking to.

On July 1, 2019, California’s new bot disclosure law will take effect, requiring bots to be upfront about their inhumanity.  The law prohibits bots from communicating with a person in California with the intent to mislead as to their artificial identity for the

New “Do Not Sell” Nevada Privacy Law Requirement Rolls Out Ahead of CCPA DeadlineStates across the country are floating privacy-related legislation in many forms, and California continues to consider many potential amendments to the landmark California Consumer Privacy Act (Cal. Civ. Code 1798.100 et seq., “CCPA”), which goes into effect on January 1, 2020. On May 30, a law of significance to sellers of consumer personal information was

First Federal Legislation Proposed Relating to Protection of BiometricsAmidst privacy concerns and booming technological innovation, Sens. Roy Blunt (R-Mo.) and Brian Schatz (D-Hawaii) have introduced a bill proposed as the “Commercial Facial Recognition Privacy Act of 2019” (CFRPA) targeting arguably the most “personal” biometric identifier—our face. While several states have enacted legislation relating to protection of biometric identifiers, this is the

New Year, New Data Security Requirement: South Carolina Adopts New Data Security LawOn January 1st, South Carolina became the first state to adopt the model insurance data security law requiring certain insurance licensees to investigate and report cybersecurity events in the state of South Carolina. The law also requires licensees to develop, implement and maintain written information security programs that are tailored to the size,

Financial Institutions Targeted by “London Blue” Hackers GroupA cyber threat detection company has identified a Nigerian-based hacking group that is engaging in a spearphishing campaign against financial institutions. Spearphishing is a directed email phishing campaign that is typically aimed at those with responsibilities relating to financial transactions. In this case, the group in question has compiled a list of over 35,000