On March 4, 2022, the California Department of Financial Protection and Innovation (DFPI) issued a reminder to its financial institution licensees regarding their obligations in light of the Russian invasion of Ukraine: comply with U.S. sanctions on Russia, and employ safeguards to protect against attempts to use virtual currency transfers…
Goodwin invites you to join us for our upcoming webinar on the NYDFS Cybersecurity Regulation. Now in its fifth year, the NYDFS Cybersecurity Regulation is a standout among state-level information security regulations. This year, the NYDFS is investing additional resources into cybersecurity, with a new NYDFS Cyber Intelligence Unit formed…
On August 10, 2018 the Consumer Financial Protection Bureau (CFPB) issued a final rule adopting changes to Regulation P to bring the regulation into conformity with its authorizing statute, the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801 et seq. (GLBA). The rule, which was enacted to reduce regulatory burden on financial…
On April 2, 2018, the Superior Court of Suffolk County, Massachusetts denied Equifax, Inc.’s motion to dismiss the Commonwealth’s case against it related to the company’s widely publicized 2017 data breach. Although the ruling does not determine who will ultimately prevail in the action, it outlines several key considerations for…
On October 18, 2017, the Consumer Financial Protection Bureau (CFPB) published guidelines for financial institutions to use when authorizing third-party access to consumers’ financial information. These guidelines are targeted at protecting consumers who give their consent to allow other companies to access their account information. Companies—including fintech firms, banks, and…
The issue of cybersecurity is back in front of Congress in the wake of the news of the data breach at Equifax Inc., which reportedly has affected approximately 143 million consumers. Various industry trade groups, including the National Retail Federation, wrote a letter to Congress to advocate a sweeping uniform…
On December 21, 2016, the Financial Industry Regulatory Authority (FINRA) announced that it was fining 12 firms a total of $14.4 million for failing to comply with FINRA cybersecurity regulations, having identified “significant deficiencies relating to the preservation of broker-dealer and customer records in a format that prevents alteration.” FINRA…
The Consumer Financial Protection Bureau’s (CFPB) recently-released Request for Information Regarding Consumer Access to Financial Records (RFI) suggests that the agency is considering making a new rule to set requirements and protections for the use of consumers’ financial information. In publishing the RFI, the CFPB notes that the Dodd-Frank Act “provides…
On March 7, 2016, the Consumer Financial Protection Bureau (CFPB) announced that it will begin collecting complaints from consumers about online marketplace lenders, signaling its intention to increasingly regulate the evolving and growing Financial Technology (Fintech) industry. The CFPB announcement emphasized that marketplace lending is “a relatively new kind of…
On December 9, 2015, the House Financial Services Committee reported a Bill to Congress that would impact the cybersecurity compliance of financial services companies. The Bill, H.R. 2205, would set standards for development and implementation of cybersecurity protocols; require investigation and notification of breaches; and allow administrative enforcement. One of…
On August 24, 2015, the Third Circuit affirmed the United States District Court for the District of New Jersey’s denial of a motion to dismiss in FTC v. Wyndham Worldwide Corp. In Wyndham, the Federal Trade Commission brought suit against Wyndham in the wake of three cybersecurity attacks that allegedly…
An Illinois federal district court held on March 20, 2015 that California law protects T-Mobile from having to turn over the names and addresses of thousands of its California customers without their consent in response to a third-party subpoena in a nationwide class action. The case, Birchmeier v. Caribbean Cruise Line,…
On March 12, 2015, the Senate Intelligence Committee took an important step in advancing a comprehensive bill titled the Cybersecurity Information Sharing Act of 2015 (“CISA”) aimed at bolstering U.S. companies and the federal government’s cyber security protections. But some privacy watchdogs and other government officials are openly wondering whether…
As the cyber security threat to the U.S. economy and national security has grown, U.S. states and businesses have taken increasing steps to prevent potential hacks from invading user privacy and U.S. intelligence activities. Most recently, New York’s attorney general, proposed new rules to help safeguard consumer privacy and provide businesses with incentives…
On January 15, 2015, New York’s attorney general, Eric Schneiderman, proposed a new law that NY hopes will balance business and consumer interests while establishing New York as a leader in data security. The main effect of the proposed legislation would be to expand the definition of private information to…
One of the most persistent and insidious threats to companies is cyber attacks. Whether these attacks involve theft of intellectual property, installation of malware, or denial of service, they pose a significant risk to businesses and their customers. For many companies, especially financial services companies, the risk is heightened by…
On September 10, 2014, the Federal Trade Commission (FTC) posted a comment in response to the Consumer Financial Protection Bureau’s (CFPB) request for information regarding the use of mobile banking services and products specifically utilized by economically vulnerable or underserved consumers. After briefly articulating some of the benefits of mobile…
Online shopping is widespread, and by now, most retailers have tailored their websites to ensure consumers are fully aware of their privacy, security, and dispute resolution rights and liabilities in buying products online. However, as retailers and other companies increasingly launch mobile applications to allow their customers to purchase items…
On June 24, 2014, in response to the “increasing volume and sophistication of cyber threats,” the Federal Financial Institutions Examination Council (“FFIEC”) began a month-long cyber-security assessment of 500 community financial institutions and credit unions. Announcing what it dubbed a “pilot program,” the FFIEC—a formal, interagency body made up of…
On June 11, as a result of the growing use of mobile banking services across the country, the CFPB announced that it was conducting a request for information into the benefits and consequences of expanding mobile financial services. Its focus is underserved and remote communities, but any actions the CFPB…