In this episode of FCRA Focus, hosts Kim Phan and Dave Gettings bring you the latest updates from the regulatory and litigation sides of the house. Dave shares his insights on the challenges and litigation surrounding...more
4/29/2025
/ Consumer Financial Protection Bureau (CFPB) ,
Consumer Reporting Agencies ,
Credit Reports ,
Data Privacy ,
Enforcement Actions ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
Fraud ,
Identity Theft ,
Lenders ,
Regulatory Requirements
In the latest episode of Payments Pros, host Carlin McCrory welcomes Kim Phan to discuss the Consumer Financial Protection Bureau's (CFPB) recent inquiries into enhancing privacy protections.
On January 10, the CFPB sought...more
2024 was a pivotal year in the regulation of data practices, with increased scrutiny of artificial intelligence (AI), data brokers, and the ecosystem of commercial data, and the continued proliferation of comprehensive United...more
2/13/2025
/ Artificial Intelligence ,
Consumer Privacy Rights ,
Corporate Counsel ,
Cybersecurity ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Machine Learning ,
Privacy Laws ,
Regulatory Agenda ,
State Privacy Laws
On January 30, the Consumer Financial Protection Bureau (CFPB or Bureau) released its updated list of consumer reporting companies for 2025. The list includes nationwide consumer reporting companies as well as several other...more
2/4/2025
/ Consumer Credit Protection ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Privacy Rights ,
Consumer Reporting Agencies ,
Credit Reports ,
Data Privacy ,
Data Security ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
Identity Theft ,
Reporting Requirements
On January 8, the Consumer Financial Protection Bureau (CFPB) officially recognized Financial Data Exchange, Inc. (FDX) as the first standard-setting body under the Personal Financial Data Rights promulgated rule under...more
On November 12, the Consumer Financial Protection Bureau (CFPB) released a new report titled, “State Consumer Privacy Laws and the Monetization of Consumer Financial Data.” The report provides an overview of the state...more
11/18/2024
/ Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Information ,
Consumer Privacy Rights ,
Data Privacy ,
Data Protection ,
Fair Credit Reporting Act (FCRA) ,
Financial Services Industry ,
GLBA Privacy ,
Lending ,
State Privacy Laws ,
Unfair or Deceptive Trade Practices
The California Consumer Privacy Act of 2018 (as amended, including by the California Privacy Rights Act, the “CCPA”) was drafted by a privacy rights activist, initially passed and later amended multiple times by the...more
The California Consumer Privacy Act of 2018 (as amended, including by the California Privacy Rights Act, the CCPA) was drafted by a privacy rights activist, initially passed and later amended multiple times by the California...more
Rhode Island has become the 19th U.S. state to enact a comprehensive privacy law. On June 25, Rhode Island Governor Daniel McKee (D) transmitted the Rhode Island Data Transparency and Privacy Protection Act (RI-DTPPA) into...more
On May 24, Minnesota Governor Tim Walz (D) signed the Minnesota Consumer Data Privacy Act (MCDPA) into law. The MCDPA largely aligns with previous state consumer privacy laws, but it introduces some significant and novel...more
On May 9, Maryland became the second state to enact an (AADC), the Maryland Kids Code, alongside the Maryland Online Data Privacy Act (MODPA) — Maryland’s first comprehensive data privacy bill. Maryland’s AADC follows...more
On May 9, Maryland Governor Wes Moore signed the Maryland Online Data Privacy Act (MODPA) into law, making Maryland the 17th state to enact a comprehensive privacy law. Despite its name, MODPA’s coverage is not limited to...more
On May 8, attorneys general (AG) from 14 states and the District of Columbia sent a letter to Congressional leadership opposing provisions of the recently proposed federal American Privacy Rights Act (APRA). In addition to...more
On April 12, Nebraska Governor Jim Pillen signed Legislative Bill 1074 into law, making Nebraska the 16th U.S. state to enact a comprehensive privacy law. The Nebraska Data Privacy Act (NEDPA) will take effect on January 1,...more
4/29/2024
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-In ,
Personal Data ,
Personal Information ,
Risk Assessment ,
Small Business ,
State Data Privacy Laws
On April 7, House Energy & Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Senate Commerce Committee Chair Maria Cantwell (D-WA) announced a bipartisan, bicameral draft of comprehensive data privacy legislation,...more
4/16/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Personal Data ,
Privacy Policy ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Reform
On March 28, the Federal Trade Commission (FTC) released a Privacy and Data Security Update, highlighting the FTC’s activities in recent years through December 2023. The FTC underscored its work on issues related to...more
4/12/2024
/ Algorithms ,
Artificial Intelligence ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Do Not Call List ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Machine Learning ,
Popular ,
Regulatory Agenda ,
Risk Management
On April 4, Kentucky Governor Andy Beshear signed the Kentucky Consumer Data Protection KCDPA (the KCDPA) into law, making Kentucky the third state in 2024 to enact a comprehensive privacy law (following New Jersey and New...more
On March 6, 2024, New Hampshire Governor Chris Sununu signed Senate Bill 255 into law, making New Hampshire the 14th U.S. state to enact a comprehensive privacy law. The law, which becomes effective on January 1, 2025, is...more
Editor’s Note: In recent regulatory and enforcement developments, the White House announced a new executive order aimed at strengthening cybersecurity at U.S. ports, and another executive order was issued to protect sensitive...more
3/7/2024
/ Artificial Intelligence ,
Biden Administration ,
Consent Order ,
Consumer Financial Products ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Fair Credit Reporting Act (FCRA) ,
FCC ,
Financial Services Industry ,
Personal Data ,
Personally Identifiable Information ,
Robocalling ,
TCPA ,
UDAAP
In a recent alert, we reported that California Attorney General (AG) Rob Bonta announced a settlement with DoorDash over allegations that the company violated the California Consumer Privacy Act (CCPA) and the California...more
3/5/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
DoorDash ,
Marketing ,
Mobile Apps ,
Personal Information ,
State and Local Government ,
State Attorneys General ,
Statutory Violations
In the second settlement under the California Consumer Privacy Act (CCPA), California Attorney General (AG) Rob Bonta announced a settlement over allegations that DoorDash sold consumers' personal information in a manner that...more
3/4/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
DoorDash ,
Marketing ,
Mobile Apps ,
Personal Information ,
State and Local Government ,
State Attorneys General ,
Statutory Violations
On February 13, the Federal Trade Commission (FTC) released a blog post warning companies that it could be deemed an unfair or deceptive practice for a company to adopt more permissive data practices and to only inform...more
NIST Publishes Report on the Cybersecurity of Genomic Data. On December 20, 2023, the NIST National Cybersecurity Center of Excellence (NCCoE) published Final NIST IR 8432, Cybersecurity of Genomic Data. Informed by direction...more
2/13/2024
/ Artificial Intelligence ,
Biometric Information ,
Biometric Information Privacy Act ,
Consumer Financial Products ,
Consumer Fraud ,
Cyber Attacks ,
Cybersecurity ,
Data Breach ,
Data Brokers ,
Data Privacy ,
Data Protection ,
Data Security ,
Federal Trade Commission (FTC) ,
Financial Services Industry ,
NIST ,
Personal Information ,
Personally Identifiable Information ,
Popular ,
Putative Class Actions
On January 16, New Jersey Governor Phil Murphy signed S332 (the act), making New Jersey the first state in 2024 to enact a comprehensive privacy law. Several other states are currently considering similar comprehensive...more
1/26/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Data Security ,
Information Technology ,
New Jersey ,
Personal Data ,
Personally Identifiable Information ,
Regulatory Reform ,
State Data Privacy Laws
On November 1, New York Governor Kathy Hochul announced that the state’s Department of Financial Services (NY DFS) has amended its Cybersecurity Regulations to “enhance cyber governance, mitigate risks, and protect New York...more
11/6/2023
/ Chief Information Security Officer (CISO) ,
Cryptocurrency ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Financial Services Industry ,
New York ,
NYDFS ,
Regulatory Reform ,
Risk Assessment ,
State and Local Government