February 26, 2020

CFPB Provides Guidance on Consumer Data Protection

The Consumer Financial Protection Bureau (CFPB) recently released a set of Consumer Protection Principles aimed at the Fintech field. The Principles describe obligations when sharing or aggregating consumer financial information. The CFPB regulates and enforces consumer financial laws, and issued this release as part of its review of the Fintech industry. These Principles follow a request for information that the CFPB issued late last year, as well as insights from stakeholders that the CFPB summarized at the time it released the Principles.

In the Principles, the CFPB recognized that many in the Fintech industry have been providing consent-based data aggregation services. These include tools that give financial advice, provide financial management, or handle bill payment for the consumer. While recognizing the importance of these tools, the CFPB outlined nine principles Fintech companies should follow to provide consumers with adequate privacy protection: (1) Access, (2) Data Scope and Usability, (3) Control and Informed Consent, (4) Authorizing Payments, (5) Security, (6) Access Transparency, (7) Accuracy, (8) Ability to Dispute and Resolve Unauthorized Access, and (9) Efficient and Effective Accountability Mechanisms.

Many of these principles follow a fairly typical path, such as giving consumers consent, control, and notice, as well as providing security and transparent access. Others are specific to the type of services being offered. For example, when a consumer grants a third party access to his or her information, the third party should “only access the data necessary to provide” the service. In the Principles, the CFPB clarifies that consumers should give separate consent for services that give third parties both access and the ability to authorize payment. The Principles further emphasize the importance to consumers of being able to dispute unauthorized access or sharing.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

Jonathan E. Meyer, Sheppard Mullin, International Trade Lawyer, Encryption Technology Attorney

Jon Meyer is a partner in the Government Contracts, Investigations & International Trade Practice Group in the firm's Washington, D.C. office.

Mr. Meyer was most recently Deputy General Counsel at the United States Department of Homeland Security, where he advised the Secretary, Deputy Secretary, General Counsel, Chief of Staff and other senior leaders on law and policy issues, such as cyber security, airline security, high technology, drones, immigration reform, encryption, and intelligence law. He also oversaw all litigation at DHS, including high-profile issues such as executive action and no-fly rules, and managed the most important cases on a day-to-day basis, at levels from discovery disputes to Supreme Court briefs. Additionally, he led the Department’s responses to Congressional oversight from over 90 committees and caucuses of jurisdiction, including testifying before Congress and preparing high profile witnesses for their testimony.  Mr. Meyer was a point person for coordination with the White House, and the Departments of State, Justice, Defense, and many others.

John Sample, Commercial Litigator, Chicago Attorney, Sheppard Mullin Law Firm

John Sample is an associate in the Business Trial Practice Group in the firm's Chicago office.

Mr. Sample has experience on a wide range of commercial litigation matters, including breach of contract, real estate, intellectual property, product liability and labor and employment. Mr. Sample has particular expertise with contract disputes, and he contributed to editing the book, Illinois Contract Litigation. In addition, he has managed large document reviews, obtained witness declarations, and appeared in state and federal courts in Chicago. Mr. Sample has worked on legal matters for...