As we have previously observed, banks and other companies subject to the CFPB’s jurisdiction face the possibility that the CFPB could begin using its authority under Sections 1031 and 1036 of the Dodd-Frank Act (which proscribe unfair, deceptive or abusive acts or practices) to regulate cybersecurity policies and procedures.
For companies also subject to the FTC’s jurisdiction, the threat of FTC regulation of their cybersecurity policies and procedures became significantly more imminent as a result of the Third Circuit’s August 2015 decision in FTC v.… Continue Reading