Financial Privacy

Bank Regulators Issue Advanced Notice of Proposed Rulemaking on Cyber Risk Governance and Management Regulations

October 31, 2016 By Privacy & Data Security Team

More regulators (apart from the FTC) are now taking note of cybersecurity issues in the financial services industry and are taking steps to protect the industry and its consumers. Earlier this year, the Consumer Financial Protection Bureau (“CFPB”) issued its first enforcement action on data security against an online payment system. In June, the Federal […]

D.C. Circuit Holds CFPB is Unconstitutionally Constructed; Removes For-Cause Removal Protection from CFPB Director

October 17, 2016 By Privacy & Data Security Team

On Tuesday, October 11, 2016, the D.C. Circuit Court issued its opinion in PHH Corp. v. Consumer Financial Protection Bureau, holding that the Consumer Financial Protection Bureau (CFPB) was unconstitutionally structured. In the majority opinion, Judge Kavanaugh described the position of CFPB Director as, in terms of unilateral authority, “the single most powerful official in […]

FTC PrivacyCon Event Examines Cutting-Edge Research and Current Policies Regarding Privacy and Data Security

January 21, 2016 By David Caplan and Kimberly Chemerinsky

The Federal Trade Commission held its PrivacyCon event, featuring nineteen presentations showcasing original research regarding important consumer privacy and security issues by leading academics from universities and think tanks from around the world. A full video recording of the webcast is available here. The conference took place in Washington on Jan. 14, 2016, and included […]

FFIEC Warns of Increase in Cyber Attacks Involving Extortion, Encourages Financial Institutions to Develop Response Programs

November 10, 2015 By Privacy & Data Security Team

Last week, the Federal Financial Institutions Examination Council (FFIEC) issued a joint statement warning of an “increasing frequency and severity of cyber attacks involving extortion.” The statement warned that criminals have been extorting financial institutions using a variety of tactics, including denial of service attacks, theft of sensitive information, and use of “ransomware,” which is […]

Article 29 Working Party Calls for Political Action

October 16, 2015 By Privacy & Data Security Team

In a concise statement, the Article 29 Working Party (WP29), a consortium of European Data Protection Authorities (DPAs), released a position paper today about the landmark ruling of the European Court of Justice in Maximilian Schrems v. Data Protection Commissioner (C-362-14). WP29 makes a political call on the EU Member States to finalize discussions with […]