Category Archives: Data Privacy

Subscribe to Data Privacy RSS Feed

California Sets the Bar for Privacy with the Passage of The California Consumer Privacy Act of 2018 – Part I

As most people started to wind down for the July 4th holiday week, California was just ramping up its “as California goes” focus on data privacy. On June 28, 2018, California passed a comprehensive data privacy bill that has been touted as the strictest in the nation. The good news first—businesses have until January 1, … Continue Reading

FFIEC Highlights Cyber Insurance for Financial Institutions

The Federal Financial Institutions Examination Council (FFIEC) has issued a joint statement emphasizing the need for lenders and servicers to include cyber insurance in their risk management program. Although the FFIEC did not announce new regulatory requirements or expectations, the announcement is further evidence of what most in the industry have already recognized: Cyber coverage … Continue Reading

Better Late than Never? Alabama, the 50th State to Pass a Data Breach Law

On March 1, 2018, the Alabama Senate unanimously passed the Alabama Data Breach Notification Act of 2018 (SB 318). On March 22, 2018, the House of Representatives, following an amendment by the Technology and Research Committee, also passed SB 318. Just a day prior to the Alabama House passing SB 318, South Dakota Governor Dennis Daugaard signed SB … Continue Reading

Five Privacy Practices Every Company Should Address in the Wake of the FTC’s Enforcement Action against PayPal

Privacy is serious business. This was made clear in the Federal Trade Commission’s (FTC) recent announcement that it had settled its complaint against Venmo, PayPal’s peer-to-peer payment service, for misrepresentations to consumers regarding privacy and security settings. Although the terms of the settlement do not become final until approval by the FTC on or about … Continue Reading

Will Congress Upend Credit Reporting Agencies’ Cybersecurity Regulation in Light of Recent Data Breach?

Senators Elizabeth Warren (D-Mass.) and Mark Warner (D-Va.) introduced the Data Breach Prevention and Compensation Act on January 10, 2018 in an effort to increase accountability of large Credit Reporting Agencies (CRAs) for data breaches involving consumer data. The bill, drafted in response to the September 2017 Equifax data breach revelations, seeks to impose direct administrative … Continue Reading

Parallel Universe or Coincidence: The CFPB’s New Data Consumer Protection Principles’ Relationship to GDPR

On October 18, 2017, the Consumer Financial Protection Bureau (CFPB) outlined nine non-binding Consumer Protection Principles (the Principles) for the access and sharing of consumer information between third-party companies. The Principles focus on the consumer experience, specifically consumers’ enhanced control over their financial lives. The CFPB envisions a marketplace in which consumers are in the … Continue Reading

In the Wake of Equifax: What Auto Dealers Need to Know About Data Privacy

Following the recent Equifax data breach wherein millions of consumers’ private information may have been compromised, it is increasingly clear that consumer-interfacing businesses need to, and in some cases are required to, take steps to protect their consumers’ private information. Although not traditionally considered “financial institutions,” auto dealers that engage in financial activities—those that extend … Continue Reading

Foreign No More: Transferring Data on Demand U.S. Companies and GDPR Data Portability

Much has been written about the consternation and concern of businesses around the world regarding the European Union’s General Data Protection Regulation (GDPR), which takes effect on May 25, 2018. The GDPR applies to companies operating within the EU that control or process data. Notably, it also applies to companies outside the EU that offer … Continue Reading

CFPB Walks the Data Privacy Tightrope on Public HMDA Disclosures

In the wake of the Equifax data breach, consumers, companies, and regulators alike are cognizant of the potential exposure of personal information, and many companies are looking at ways to decrease the risk of unauthorized disclosure of personal data. In creating effective data privacy policies and procedures, companies must also analyze requirements under certain statutes … Continue Reading

The Bank Next Door: Part I – Using Social Media to “Friend” Customers

[This post is the first in a series of post which will examine the risks, rewards, innovative uses, and changing legal landscape of social media use by financial services institutions. Future blog posts will examine topics such as: monitoring and managing consumer complaints through social media, disgruntled employee use of social media, and control over content and message. … Continue Reading
LexBlog