Category Archives: Data Privacy


Data Modeling Remains Auto Finance Target in CFPB’s Fair Lending Governance

The Consumer Financial Protection Bureau made it clear that it will continue to target auto finance lenders as one of its top supervisory and enforcement priorities in the Fair Lending Report of the Bureau of Consumer Financial Protection, which was released in June 2019. In addition to adding student loan origination to its watchdog … Continue Reading

California’s Bot Transparency Law Goes into Effect on July 1, 2019

California wants to ensure that consumers know what they are talking to. On July 1, 2019, California’s new bot disclosure law will take effect, requiring bots to be upfront about their inhumanity. The law prohibits bots from communicating with a person in California with the intent to mislead as to their artificial identity for the … Continue Reading

New “Do Not Sell” Nevada Privacy Law Requirement Rolls Out Ahead of CCPA Deadline

States across the country are floating privacy-related legislation in many forms, and California continues to consider many potential amendments to the landmark California Consumer Privacy Act (Cal. Civ. Code 1798.100 et seq., “CCPA”), which goes into effect on January 1, 2020. On May 30, a law of significance to sellers of consumer personal information was … Continue Reading

First Federal Legislation Proposed Relating to Protection of Biometrics

Amidst privacy concerns and booming technological innovation, Sens. Roy Blunt (R-Mo.) and Brian Schatz (D-Hawaii) have introduced a bill proposed as the “Commercial Facial Recognition Privacy Act of 2019” (CFRPA) targeting arguably the most “personal” biometric identifier—our face. While several states have enacted legislation relating to protection of biometric identifiers, this is the first federal … Continue Reading

New Year, New Data Security Requirement: South Carolina Adopts New Data Security Law

On January 1st, South Carolina became the first state to adopt the model insurance data security law requiring certain insurance licensees to investigate and report cybersecurity events in the state of South Carolina. The law also requires licensees to develop, implement and maintain written information security programs that are tailored to the size, complexity and … Continue Reading

Financial Institutions Targeted by “London Blue” Hackers Group

A cyber threat detection company has identified a Nigerian-based hacking group that is engaging in a spearphishing campaign against financial institutions. Spearphishing is a directed email phishing campaign that is typically aimed at those with responsibilities relating to financial transactions. In this case, the group in question has compiled a list of over 35,000 CFOs … Continue Reading

To Catch a Terrorist – Innovation, AI, and Public/Private Partnerships in the World of BSA/AML

On the heels of FinCen and Federal Banking Agencies releasing a joint statement “Encouraging Innovative Industry Approaches to AML Compliance,” Under Secretary for Terrorism and Financial Intelligence Sigal Mandelker announced a new collaborative era during the American Bankers Association’s Financial Crimes Conference, and emphasized the need for private/governmental working relationships and partnerships in order to combat … Continue Reading

Canadian Confidential: Mandatory Data Breach Notifications under PIPEDA

While businesses and consumers were all agog to see the latest variation of the California Consumer Privacy Act passed earlier this year, Canada quietly introduced its latest permutation to the Personal Information Protection and Electronic Documents Act (PIPEDA), which imposes new mandatory breach notification obligations on companies engaged in the collection of Canadians’ personal information. … Continue Reading

CalCoPA – Does It Apply to Your Organization?

As discussed in Part 1, the California Consumer Privacy Act of 2018 (CalCoPA) is a game-changing privacy act that sets a new bar for consumer privacy rights in the U.S. The primary reason it differs from existing legislation is that it goes beyond merely having to provide assurances or notices and requires organizations to be … Continue Reading

Potential Bank Customer Data Exposed through Fiserv Platform Flaw

Security researchers and cybersecurity experts recently discovered a weakness in Fiserv’s web platform, which may have exposed the personal and financial details of customers across hundreds of internet banking sites. The flaw involved a messaging platform used by Fiserv to send account alerts to customers of Fiserv-affiliated banks. These alerts can be set up to notify … Continue Reading

California Sets the Bar for Privacy with the Passage of The California Consumer Privacy Act of 2018 – Part I

As most people started to wind down for the July 4th holiday week, California was just ramping up its “as California goes” focus on data privacy. On June 28, 2018, California passed a comprehensive data privacy bill that has been touted as the strictest in the nation. The good news first—businesses have until January 1, … Continue Reading

FFIEC Highlights Cyber Insurance for Financial Institutions

The Federal Financial Institutions Examination Council (FFIEC) has issued a joint statement emphasizing the need for lenders and servicers to include cyber insurance in their risk management program. Although the FFIEC did not announce new regulatory requirements or expectations, the announcement is further evidence of what most in the industry have already recognized: Cyber coverage … Continue Reading

Better Late than Never? Alabama, the 50th State to Pass a Data Breach Law

On March 1, 2018, the Alabama Senate unanimously passed the Alabama Data Breach Notification Act of 2018 (SB 318). On March 22, 2018, the House of Representatives, following an amendment by the Technology and Research Committee, also passed SB 318. Just a day prior to the Alabama House passing SB 318, South Dakota Governor Dennis Daugaard signed SB … Continue Reading

Five Privacy Practices Every Company Should Address in the Wake of the FTC’s Enforcement Action against PayPal

Privacy is serious business. This was made clear in the Federal Trade Commission’s (FTC) recent announcement that it had settled its complaint against Venmo, PayPal’s peer-to-peer payment service, for misrepresentations to consumers regarding privacy and security settings. Although the terms of the settlement do not become final until approval by the FTC on or about … Continue Reading

Will Congress Upend Credit Reporting Agencies’ Cybersecurity Regulation in Light of Recent Data Breach?

Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) introduced the Data Breach Prevention and Compensation Act on January 10, 2018 in an effort to increase accountability of large Credit Reporting Agencies (CRAs) for data breaches involving consumer data. The bill, drafted in response to the September 2017 Equifax data breach revelations, seeks to impose direct administrative … Continue Reading

Parallel Universe or Coincidence: The CFPB’s New Data Consumer Protection Principles’ Relationship to GDPR

On October 18, 2017, the Consumer Financial Protection Bureau (CFPB) outlined nine non-binding Consumer Protection Principles (the Principles) for the access and sharing of consumer information between third-party companies. The Principles focus on the consumer experience, specifically consumers’ enhanced control over their financial lives. The CFPB envisions a marketplace in which consumers are in the … Continue Reading

In the Wake of Equifax: What Auto Dealers Need to Know About Data Privacy

Following the recent Equifax data breach wherein millions of consumers’ private information may have been compromised, it is increasingly clear that consumer-interfacing businesses need to, and in some cases are required to, take steps to protect their consumers’ private information. Although not traditionally considered “financial institutions,” auto dealers that engage in financial activities—those that extend … Continue Reading

Foreign No More: Transferring Data on Demand U.S. Companies and GDPR Data Portability

Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to companies operating within the EU that control or process data. Notably, it also applies to companies outside the EU that offer … Continue Reading

CFPB Walks the Data Privacy Tightrope on Public HMDA Disclosures

In the wake of the Equifax data breach, consumers, companies, and regulators alike are cognizant of the potential exposure of personal information, and many companies are looking at ways to decrease the risk of unauthorized disclosure of personal data. In creating effective data privacy policies and procedures, companies must also analyze requirements under certain statutes … Continue Reading

The Bank Next Door: Part I – Using Social Media to “Friend” Customers

[This post is the first in a series of posts which will examine the risks, rewards, innovative uses, and changing legal landscape of social media use by financial services institutions. Future blog posts will examine topics such as: monitoring and managing consumer complaints through social media, disgruntled employee use of social media, and control over content and message. … Continue Reading