The CFPB has issued a policy statement concerning COVID-19 considerations that will be relevant to how the CFPB chooses to exercise its supervisory and enforcement authority regarding compliance with the Fair Credit Reporting Act and Regulation V, especially in light of the CARES Act.

The CFPB states that it “understands that the current crisis impacts the financial well-being of consumers and poses operational challenges for consumer reporting agencies and furnishers, including staffing challenges, that could temporarily impede their ability to timely comply with their statutory and regulatory consumer reporting obligations.” … Continue Reading

The Coronavirus Aid, Relief, and Economic Security Act (CARES Act) includes the following provisions of particular interest to members of the consumer financial services industry:

Credit Reporting.  Section 4021 (Credit Protection During COVID-2019) amends the Fair Credit Reporting Act to impose new COVID-19 related reporting requirements on furnishers of information to consumer reporting agencies. … Continue Reading

On February 25th, the Federal Trade Commission (FTC) released its annual Privacy and Data Security Update, which highlights the FTC’s activities during the past year.

According to the update, the FTC enforcement actions in the past year involved privacy and data security addressing a range of issues, including identity theft, credit reporting and financial privacy, the EU-U.S.… Continue Reading

On February 7, 2020, the California Attorney General’s (AG) Office released modifications to the proposed regulations to the California Consumer Privacy Act (CCPA).  The modifications incorporate amendments to the CCPA signed into law after the AG’s Office issued the proposed regulations in October 2019.  The modifications also reflect public comments made during the initial comment period, which concluded in December 2019. … Continue Reading

Yesterday, Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, announced the following three major improvements that have been made to FTC orders in data security cases:

  1. Specificity: To counter past criticisms that FTC orders to implement comprehensive information security programs were too vague, FTC orders will now require specific security safeguards that address specific allegations in the complaint brought against each company.
Continue Reading

The CFPB and FTC announced the issues that the panels will discuss at the workshop on accuracy in consumer reporting that the agencies will co-host on December 10, 2019.

The workshop will examine issues affecting the accuracy of traditional credit reports as well as employment and tenant background screening reports, including changes in legal requirements and technological developments. … Continue Reading

On November 22nd, the CFPB issued a press release announcing that a stipulated final judgment and order (Order) were filed in the U.S. District Court for the Southern District of New York against Sterling Infosystems, Inc. (Sterling) to resolve allegations that the employment background screening company violated the Fair Credit Reporting Act (FCRA). … Continue Reading

The California Attorney General’s Office released its long-awaited proposed CCPA regulations last week.  The proposed regulations are 24 pages long, and address a number of important technical compliance issues including how businesses should:

  • provide just in time notice to consumers of personal information collected;
  • provide notice to consumers of the right to opt out of the sale of personal information;
  • provide notice to consumers of financial incentives;
  • provide a CCPA compliant privacy policy;
  • provide methods for consumers to submit requests to know and requests to delete their personal information;
  • respond to consumer requests to know and requests to delete their personal information
  • respond to consumer requests to access or delete household information;
  • respond to requests to opt-out;
  • respond to requests to opt-in after consumers exercise their right to opt out of the sale of personal information; and
  • verify consumer requests.
Continue Reading

Just two days after the Federal Trade Commission (“FTC”) announced a historic settlement of privacy and security claims against Equifax, the FTC today announced that Facebook has agreed to pay $5 billion in civil fines, arising from its violation of a 2012 consent order with the FTC.  According to the FTC, this is the largest fine ever levied by a U.S.… Continue Reading

Equifax has agreed to pay $575 million to settle consumer as well as state and federal regulatory claims for its 2017 data breach. This is the largest data breach settlement to date.

2017 Data Breach

At the federal level, the FTC and CFPB both filed complaints against Equifax. The FTC complaint alleges Equifax was aware of a security vulnerability in a database containing consumer inquiries about their personal credit data.… Continue Reading