On September 29th, the Office of the Inspector General (OIG) that oversees the CFPB released a memorandum detailing the major management challenges facing the CFPB. The memo identified four areas of improvement that, unless...more
Letter from the Editors - Dear Readers, The world of raising capital for emerging companies has experienced a revolution. Prior to the enactment of the JOBS Act in 2012, raising capital for private companies was...more
According to the FBI, “there are only two types of companies: those that have been hacked and those that will be.” It does not take an actual data breach, however, for a company to be liable for its data security practices. ...more
The Consumer Financial Protection Bureau (CFPB) recently brought its first data security enforcement action, adding itself to the growing list of federal regulators tackling data security issues. The CFPB’s enforcement action...more
Cybersecurity and data protection – or more specifically, the lack of it – in the financial services industry present risks for both an institution's consumers and the institution's safety and soundness. The presence of both...more
The Consumer Financial Protection Bureau (CFPB ) has taken its first UDAAP action against a consumer financial service provider related to data security practices. Since its launch in December 2009, Dwolla, Inc. ("Dwolla"),...more
On March 2, 2016, the Consumer Financial Protection Bureau (CFPB) announced an enforcement action against online payment system company Dwolla, Inc. for allegedly deceiving consumers about its data security practices. This...more
Earlier this month, the Consumer Financial Protection Bureau (CFPB) made headlines by bringing its first enforcement action in the data security space. Dwolla, Inc., an Iowa-based online payment processor, was the CFPB’s...more
Data breaches and cybersecurity attacks appear to be growing in frequency. Despite the increase in the number of such attacks, plaintiffs have found it difficult to establish a legal foothold for data breach claims, as...more
In the past two months, consent orders were reached in two high profile enforcement actions. In February 2016, a consent order came out between the Consumer Financial Protection Bureau (CFPB), Department of Justice (DOJ) and...more
On March 2, the Consumer Financial Protection Bureau (“CFPB”) issued its first Consent Order against a company for flawed data security practices in violation of the Consumer Protection Act’s prohibition on unfair, deceptive,...more
On March 2, 2016, the Consumer Financial Protection Bureau (“CFPB”) instituted its first data security enforcement action, in the form of a consent order against online payment platform Dwolla, Inc....more
The Federal Trade Commission (FTC) has issued orders to obtain information about the process by which businesses audit their compliance with the Payment Card Industry Data Security Standards (PCI DSS) and the role of such...more
In a much anticipated move, on March 2, 2016, the Consumer Financial Protection Bureau (CFPB) entered the cybersecurity foray with its first enforcement action against Dwolla, Inc., an online payment processing start-up. ...more
On March 2, 2016, the Consumer Financial Protection Bureau (“CFPB”) entered into a consent order with Dwolla, Inc. (“Dwolla”) that penalized the company for engaging in deceptive acts related to the company’s data security...more
The Consumer Financial Protection Bureau (CFPB) announced that it has entered into a consent order with online payment platform Dwolla Inc., alleging that Dwolla made false representations to consumers relating to its data...more
The Consumer Financial Protection Bureau (CFPB) announced on March 2, 2016, that it had entered into a consent order with online payment platform Dwolla to resolve the CFPB’s claims regarding statements made by Dwolla about...more
A new regulatory authority has entered the field of data security: the relatively new Consumer Financial Protection Board (CFPB). On March 2, the CFPB announced that it had reached a consent order with an Iowa-based company...more
The Consumer Financial Protection Bureau (CFPB) recently issued a first of its kind Consent Order against an online payment platform for misrepresenting the security measures used to protect consumer's data. Pursuant to the...more
On March 2, the federal Consumer Financial Protection Bureau (CFPB) for the first timebrought an enforcement action related to data security. The CFPB consent order imposes a $100,000 fine and five years of regulatory...more
On March 2, the CFPB settled its first data security enforcement action against Iowa-based Dwolla Inc. Launched as a startup in 2009, Dwolla is an online payment platform that enables customers to transfer money directly...more
On March 2, 2016, the Consumer Financial Protection Bureau (“CFPB”) broke new ground (at least for the CFPB) when it released a consent order against Dwolla, Inc. (“Dwolla”), an online payment platform, regarding data...more
Last August, we blogged about a Third Circuit decision that held the FTC can regulate cybersecurity policies and procedures as “unfair” acts or practices under Section 5 of the FTC Act. In our blog post, we commented that...more
The Consumer Financial Protection Bureau (CFPB) has announced its first data security enforcement action. Since the 1990s, the Federal Trade Commission (FTC) has primarily taken on the role as the de facto federal regulator...more