Our discussion examines the FTC’s Advanced Notice of Proposed Rulemaking relating to what it describes as “commercial surveillance” and the CFPB’s circular confirming that covered persons and service providers may violate the Consumer Financial Protection Act’s prohibition against unfair acts or practices when they fail to adequately safeguard consumer information. We consider the ANPR’s scope, its areas of focus, and potential federal and state obstacles to the FTC’s initiative. After providing an overview of the CFPB’s circular, we look at the data security measures highlighted by the CFPB, the CFPB’s authority to address data security, precedents to which companies can look in assessing the adequacy of their data security measures and potential exposure, and steps to mitigate risk.
Alan Kaplinsky, Ballard Spahr Senior Counsel, hosts the conversation, joined by Greg Szewczyk, Co-Leader of the firm’s Privacy and Data Security Group, and Tim Dickens, an associate in the firm’s Litigation Department focusing on privacy and data security.
To listen to the episode, click here.