On May 15, 2017, the Federal Reserve Office of Inspector General – which also oversees the CFPB – released a report finding deficiencies in the CFPB Office of Enforcement’s (Enforcement) processes for securing sensitive information. The evaluation, conducted between February 2016 and July 2016, reviewed Enforcement’s processes for protecting the information it collects from the
Cybersecurity
New Mexico becomes 48th state to enact data breach notification law
New Mexico recently became the 48th state to enact a data breach notification law. This continues the accelerated pace of state data breach legislative activity in the last two years. Since 2015, at least 41 states have considered legislation relating to data security incidents, and at least 16 states have enacted or amended such laws.…
CFPB Management Challenges Include Information Security
On September 29th, the Office of the Inspector General (OIG) that oversees the CFPB released a memorandum detailing the major management challenges facing the CFPB. The memo identified four areas of improvement that, unless addressed, would otherwise hamper the CFPB’s ability to accomplish its strategic objectives:
- Ensuring an Effective Information Security Program
- Ensuring Comprehensive Policies
…
CFPB brings its first data security enforcement action
Last August, we blogged about a Third Circuit decision that held the FTC can regulate cybersecurity policies and procedures as “unfair” acts or practices under Section 5 of the FTC Act. In our blog post, we commented that banks and other companies subject to the CFPB’s jurisdiction faced the possibility that the CFPB could begin…
ACC releases largest study of its kind on cybersecurity preparedness among in-house counsel
The Association of Corporate Counsel Foundation (ACC) released a State of Cybersecurity report on December 9, 2015. Ballard Spahr was the only law firm that served on the advisory board for the study and helped to formulate the survey questions. The report provides valuable insights on cybersecurity issues from more than 1,000 corporate lawyers at…
Company prevails in challenge to FTC data security complaint
As we have previously observed, banks and other companies subject to the CFPB’s jurisdiction face the possibility that the CFPB could begin using its authority under Sections 1031 and 1036 of the Dodd-Frank Act (which proscribe unfair, deceptive or abusive acts or practices) to regulate cybersecurity policies and procedures.
For companies also subject to the…
CFPB Information Security Remains a Challenge
The Office of the Inspector General (OIG) has released the “2015 list of major management challenges” faced by the CFPB that the OIG believes will hamper the CFPB’s ability to accomplish the CFPB’s strategic objectives. Like the 2014 list, one of the challenges identified by the OIG is the need to ensure…
Federal appeals court confirms FTC authority to regulate cybersecurity policies and procedures
Banks and other companies subject to the CFPB’s jurisdiction face the possibility that the CFPB could begin using its authority under Sections 1031 and 1036 of the Dodd-Frank Act (which proscribe unfair, deceptive or abusive acts or practices) to regulate cybersecurity policies and procedures. For companies also subject to the FTC’s jurisdiction, however, the threat…
CFPB and federal banking regulators increase focus on cybersecurity
As part of their increased focus on cybersecurity, the CFPB and federal banking are taking steps to raise financial institutions’ awareness about the need for preparedness. On June 24, 2014, the Federal Financial Institutions Examination Council (FFIEC) launched a web page that combines available resources from the federal regulators on cybersecurity.
In addition to heightening…