On November 7, 2022, Alexandra Megaris, Jeremy Grant, and Ross Nodurft were quoted in Inside of the Consumer Financial Protection Bureau regarding the current data security practices being used in regulated firms.
According to the article, the Consumer Financial Protection Bureau is letting regulated firms know that not using modern data security measures could be an unfair act or practice violation of the Consumer Financial Protection Act.
Although there are data security standards established by law or regulation, issuing guidance via the circular offers the Consumer Financial Protection Bureau “more leverage when both examining and investigating companies,” said Megaris.
“We’re at a really interesting inflection point in the security industry, where what used to be good enough a few years ago isn't good enough now,” said Grant.
Nodurft added, "It’s easier nowadays to scrape a firm’s data and figure out its enterprise passwords, and that billions of accumulated passwords from previous breaches are posted online, making it more incumbent on firms to ensure their passwords are truly secure.”