CFPB: Poor data protection may be abusive act under consumer law

August 12, 2022 by David Baumann, CUCollaborate

Financial institutions, including credit unions, may violate consumer protection prohibitions against unfair acts or practices if they have insufficient data protection or information security programs, the CFPB announced Thursday.

In a circular published on its website, the agency said that in such instances, financial institutions not only may be cited for violating the Gramm-Leach-Bliley Act, but could additionally be cited under consumer protection statutes.

“Financial firms that cut corners on data security put their customers at risk of identity theft, fraud, and abuse,” stated CFPB Director Rohit Chopra. “While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take commonsense steps to protect personal financial data.”

Increased Focus on Financial Data

The agency noted it is increasing its focus on the use of personal financial data, saying, “Specifically, financial companies are at risk of violating the Consumer Financial Protection Act if they fail to have adequate measures to protect against data security incidents.”

CFPB: Poor data protection may be abusive act under consumer law

Increased Focus on Financial Data

Featured

Best advice for your career: Run YOUR race

Why connecting with Gen Z and Millennial credit union members is crucial

Rethink your marketing for the digital age—Embedded finance is key

Leadership is lonely—but you are not alone

Stay connected to the credit union community with our free newsletter!

You have Successfully Subscribed!