CFPB Takes Action to Protect the Public from Shoddy Data Security Practices

"The bureau said the circular does not suggest that particular security practices are specifically required under the Consumer Financial Protection Act."

Why this is important: The Consumer Financial Protection Bureau ("CFPB") recently jumped into the data security pool. Pursuant to a circular published by the CFPB, financial companies may be in violation of the Consumer Financial Protection Act ("CFPA") if they fail to take adequate measures to safeguard consumers’ data. While the CFPB did not specifically require any particular actions financial companies need to take to protect consumers’ data, it did offer a few suggested actions. These suggested actions included the implementation of multi-factor authentication, adequate password management, and timely software updates. The CFPB went on to state that a financial company’s failure to implement these simple suggestions could trigger liability under the CFPA.