In the late summer, the Consumer Financial Protection Bureau (CFPB) issued a circular that concluded in no uncertain terms that insufficient data protection or information security could be considered an unfair practice under the Consumer Financial Protection Act. Circulars are general statements of policy circulated to other agencies, state and federal, that have overlapping authority with the CFPB to enforce federal consumer financial law, such as the Federal Trade Commission (FTC), Department of Justice, and state attorneys general, to name a few. The CFPB specifically called out the need to implement specific “cost-efficient measures to protect consumer data”: multi-factor authentication, password management, and timely software updates. Additionally, the new Safeguards Rule enforced by the FTC remains the primary federal source of affirmative requirements for nonbanks. Join lawyers from Venable’s Financial Services Group and cybersecurity experts from the firm’s Cybersecurity Risk Management Group for a webinar that will discuss the impact of this circular and provide a primer on data security measures companies that collect and use consumer data should adopt or enhance.
Andrew E. Bigart, Partner, Venable LLP
Jeremy A. Grant, Managing Director of Technology Business Strategy, Venable LLP
Alexandra Megaris, Partner, Venable LLP
Ross B. Nodurft, Senior Director of Cybersecurity Services, Venable LLP