CFPB: Poor data protection may be abusive act under consumer law

Financial institutions, including credit unions, may violate consumer protection prohibitions against unfair acts or practices if they have insufficient data protection or information security programs, the CFPB announced Thursday.

In a circular published on its website, the agency said that in such instances, financial institutions not only may be cited for violating the Gramm-Leach-Bliley Act, but could additionally be cited under consumer protection statutes.

“Financial firms that cut corners on data security put their customers at risk of identity theft, fraud, and abuse,” stated CFPB Director Rohit Chopra. “While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take commonsense steps to protect personal financial data.”

Increased Focus on Financial Data

The agency noted it is increasing its focus on the use of personal financial data, saying, “Specifically, financial companies are at risk of violating the Consumer Financial Protection Act if they fail to have adequate measures to protect against data security incidents.”

 

continue reading »