December 2, 2022

Volume XII, Number 336


December 01, 2022

Subscribe to Latest Legal News and Analysis

November 30, 2022

Subscribe to Latest Legal News and Analysis

November 29, 2022

Subscribe to Latest Legal News and Analysis

CFPB: Safeguard Consumer Data or Face Liability

The CFPB recently published a circular clarifying liability under consumer financial protection law for financial companies that fail to safeguard consumer data. The circular describes how firms may be violating the CFPA’s prohibition on unfair acts or practices with respect to the handling of consumer data by not implementing adequate measures to protect against data security incidents. According to the CFPB. in the event of large scale, customer-base-wide breaches, consumers may become victims of targeted identify theft.

The CFPB outlines several data security measures and practices which, if not implemented, may increase or trigger liability:

  • Multi-factor authentication that reduces the possibility of compromised user accounts and unauthorized access to sensitive customer information.

  • Adequate password management to monitor for breaches where employees or others may be re-using usernames and passwords.

  • Timely software updates to address known vulnerabilities once a software vendor or creator sends out a patch or announces an update.

Putting It Into Practice: The measures in the circular are not new to banks and other financial institutions subject to the Gramm-Leach-Bliley Act. For companies under the CFPB’s authority, in particular, it’s worth noting that the agency continues to use its enforcement authority to set new standards for finance companies – this time for insufficient data protection or information security (our sister blog discussed a similar trend in previous blog posts here and here). To help minimize the risk of an unfairness violation, financial companies and their vendors should ensure that they implement and routinely test robust security measures.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XII, Number 235

About this Author

Moorari Shah Bankruptcy Lawyer Sheppard Mullin Law Firm

Moorari Shah is a partner in the Finance and Bankruptcy Practice Group in the firm's Los Angeles and San Francisco offices. 

Areas of Practice

Moorari combines deep in-house and law firm experience to deliver practical, business-minded legal advice. He represents banks, fintechs, mortgage companies, auto lenders, and other nonbank institutions in transactional, licensing, regulatory compliance, and government enforcement matters covering mergers and acquisitions, consumer and commercial lending, equipment finance and leasing, and supervisory examinations,...

A.J. S. Dhaliwal Bankruptcy Attorney Sheppard Mullin Washington DC

A.J. is an associate in the Finance and Bankruptcy Practice Group in the firm's Washington, D.C. office. 

A.J. has over a decade of experience helping banks, non-bank financial institutions, and other companies providing financial products and services in a wide range of matters including government enforcement actions, civil litigation, regulatory examinations, and internal investigations.

With a diversified regulatory, compliance, and enforcement background, A.J. counsels financial institutions in matters involving...

Katie Daw Government Investigations Attorney Sheppard Mullin Law Firm

Katie’s practice focuses on government investigations into antitrust and competition issues and antitrust litigation.

Prior to joining the firm, Katie completed internships with United States Senator Dianne Feinstein and with United Kingdom Member of Parliament Graham Allen, for whom she conducted nutritional poverty research and drafted initiatives. She also served as a law clerk for the Baltimore Police Department, where she focused on compliance with the city’s consent decree entered into with the Department of Justice.