HL Chronicle of Data Protection Privacy & Information Security News & Trends

Category Archives: Financial Privacy

Posted in Financial Privacy

CFPB Finalizes Rule to Ease GLBA Privacy Notice Requirements

The Consumer Financial Protection Bureau (CFPB) has finalized a proposed rule that will eliminate the need for certain financial institutions to mail annual privacy notices to their customers, so long as the institutions publish their privacy notices online and engage only in limited sharing of customer information.

Posted in Financial Privacy

CFPB Announces Inquiry into Mobile Financial Services and Issues Consumer Tips on Use of Mobile Devices

The Consumer Financial Protection Bureau is exploring how consumers—particularly members of economically vulnerable and underserved communities—are using mobile technology to access financial services and manage personal finances. In a Request for Information announced earlier this week, the CFPB notes that a large percentage of unbanked and underbanked consumers, many of whom are low-income, have access to mobile phones, a significant number of which are smartphones, and that accessing financial products, services, and financial management tools via mobile devices has the potential to empower consumers to take more control over their financial lives, to increase savings and reduce debt.

Posted in Financial Privacy

CFPB Proposes to Alleviate GLBA Privacy Notice Requirements

The Consumer Financial Protection Bureau has issued a proposed rule that would eliminate the requirement for banks and other financial institutions subject to CFPB jurisdiction to deliver an annual privacy notice to their customers, provided the institutions take certain privacy-protective measures. The CFPB proposal demonstrates that the agency is following up on its 2011 streamlining initiative, in which it solicited comment on possible alternatives to delivering the annual privacy notice, and recognizes at least to some extent the online world that most consumers now embrace.

Posted in Consumer Privacy, Financial Privacy

FTC Focuses on Alternative Scoring Products

As part of its 2014 Spring Privacy Series, the Federal Trade Commission in March held a seminar to examine alternative scoring products and the possible benefits and risks of their growing use. During the seminar, FTC attorneys Katherine Armstrong and Andrea Arias of the Division of Privacy and Identity Protection moderated a panel discussion between various stakeholders that included public interest groups, the data industry, and academics.

Posted in Financial Privacy

CFTC Issues GLBA Security Guidelines

The Commodity Futures Trading Commission has issued guidance for CFTC-regulated financial institutions on compliance with the security safeguards provisions of Title V of the Gramm-Leach-Bliley Act. In a Staff Advisory, the CFTC recommends that futures commission merchants, commodity trading advisors, commodity pool operators, introducing brokers, retail foreign exchange dealers, swap dealers, and major swap participants implement certain best practices to meet their obligations under GLBA, as well as the CFTC’s GLBA regulations at 17 C.F.R. Part 160, to adopt policies and procedures that address administrative, technical and physical safeguards for the protection of customer records and information.

Posted in Consumer Privacy, Cybersecurity & Data Breaches, Financial Privacy, International/EU Privacy

EU Commission: Data Breach Notification for Telecoms Providers and ISPs within 24 Hours

Under a new regulation on the notification of personal data breaches, providers of publicly available electronic communication services must provide notices to authorities of breaches within 24 hours. If the provider lacks full information about the data breach, a preliminary notice is required, with a subsequent notification within 3 days after the initial notification. The subscribers [...]

Posted in Consumer Privacy, Financial Privacy

FTC Issues New Red Flags Rule Guidance

The Federal Trade Commission (“FTC”) recently issued a revised guidance (“Guide”) on the Red Flags Rule (“Rule”) (see “Fighting Identity Theft with the Red Flags Rule: A How-To Guide for Business”). The Red Flags Rule requires certain businesses to develop, implement and administer an identity theft protection program. The purpose of this Guide is to [...]

Posted in Consumer Privacy, Financial Privacy

FTC Issues Report on Emerging Mobile Payments Services

There has been an explosion in the number and variety of mobile payment services available to consumers in the last couple of years, with new innovations and players growing exponentially. The release of the Federal Trade Commission’s (FTC) March 8, 2013 staff report, “Paper, Plastic… or Mobile? An FTC Workshop on Mobile Payments,” indicates the potential [...]

Posted in Consumer Privacy, Financial Privacy, Social Media

Bank Regulators Propose Social Media Guidance; Comments Due March 25, 2013

The Federal Financial Institutions Examination Council (FFIEC) has released proposed guidance on the use of social media by financial institutions, including banks, credit unions, and non-bank entities supervised by the Consumer Financial Protection Bureau. The proposed “Social Media: Consumer Compliance Risk Management Guidance” (“Proposed Guidance”) defines “social media” broadly to include micro-blogging sites (like Google [...]

Posted in Consumer Privacy, Cybersecurity & Data Breaches, Financial Privacy

FTC Amends Red Flags Rule to Adopt Narrower Definition of “Creditor”

The FTC has issued an interim final rule to amend the Identity Theft “Red Flags Rule,” which requires certain “financial institutions” and “creditors” to develop and implement a written identity theft prevention program to identify, detect, and respond to possible incidents of identity theft. The interim rule amendment conforms the Red Flags Rule’s definition of [...]

Posted in Cybersecurity & Data Breaches, Financial Privacy

SEC Issues First-Ever Guidance on Disclosure to Investors of Cybersecurity Risks

On October 13 the Division of Corporate Finance at the US Securities and Exchange Commission issued a Disclosure Guidance that for the first time advises registrants — public companies — to evaluate their cybersecurity risks and, if deemed material, to disclose such risks to investors. This Guidance is likely to lead to public companies performing formal and detailed assessments of the cybersecurity risks, and may lead to shareholder litigation following data security breaches with claims that a company failed to perform the assessment and disclose the risks recommended in the Guidance for compliance with securities disclosure laws.

Posted in Financial Privacy

Financial Services Industry Group Issues Social Media Guidance

A financial services industry group recently released guidance on managing the risks associated with using social media such as Facebook and Twitter. The guidance, titled “Social Media Risks and Mitigation,” was released this week by BITS, a division of the Financial Services Roundtable, which represents 100 of the largest financial services companies. The guidance includes tips on managing numerous concerns specific to financial institutions, which are increasingly using social media in their marketing and customer relationship activities.

Posted in Financial Privacy

For First Time, SEC Imposes Fines Based Solely on Privacy Violations

The Securities and Exchange Commission (SEC) announced yesterday that three former executives of GunnAllen Financial, Inc., a Tampa-based broker-dealer, agreed to settle charges that they had violated Regulation S-P by failing to protect confidential information about their customers. This action marked the first time that the SEC had assessed financial penalties against individuals charged solely with violations of Regulation S-P, which requires broker-dealers, investment advisers, and other financial institutions under the SEC’s jurisdiction to protect their customers’ nonpublic personal information and to provide their customers the right to opt out of having their information shared with unaffiliated third parties.

Posted in Consumer Privacy, Financial Privacy, News & Events

ABA’s Lawsuit Challenging Applicability of “Red Flags Rule” to Attorneys is Dismissed as Moot

The D.C. Circuit Court of Appeals has dismissed as moot a lawsuit challenging the applicability to lawyers of the “Red Flags Rule,” which requires financial institutions and creditors to implement identity theft prevention programs. The organized Bar had challenged the applicability of the Rule to lawyers and had won in the lower court. Since the Red Flag Clarification Act recently passed by Congress would exempt most lawyers from coverage under the Rule, the Court found that litigation no longer is necessary or appropriate.

Posted in Financial Privacy, International/EU Privacy

FinCEN Considers Proposed Rule to Require Reporting of Cross-Border Electronic Fund Transfers

Comments are due December 29th on a proposal that would require banks and money transmitters to report information to the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) regarding international fund transfers, including the Social Security numbers of individuals that send or receive such funds.

Posted in Financial Privacy

Ninth Circuit Holds that Courts May Not Impose Limits on FACTA Class Certification Based on Disproportionality or the Potential for Huge Statutory Damages

The Ninth Circuit recently reversed and remanded a district court denial of class certification in a FACTA case, making it easier for class certification even where there was disproportionality between the potential liability and the actual harm suffered, where the potential damages were huge and where defendant engaged in good faith compliance.

Posted in Financial Privacy

Regulations Imposing New Obligations on Entities Furnishing Information to Consumer Reporting Agencies Go into Effect on July 1

On July 1, 2010, final regulations will go into effect that impose new obligations on entities that furnish information about individuals (“data furnishers”) to consumer reporting agencies (“CRAs”) for use in reports about those individuals. These regulations require data furnishers to institute reasonable policies and procedures that (1) ensure the accuracy and integrity of furnished information and (2) allow individuals to formally dispute the correctness of certain information that is furnished about them to CRAs directly with the data furnisher.

Posted in Financial Privacy

FINRA Issues Guidance on Social Networking Sites

The Hogan & Hartson privacy lawyers are counseling clients on the use of social media, as the legal risks are significant — especially if employees use the shield of anonymity to protect their privacy but make representations on behalf of their employers without disclosing their affiliation. The FTC and FDA recently have focused on social media. And on January 25, the Financial Industry Regulatory Authority (FINRA), an industry self-regulatory organization, issued Regulatory Notice 10-6, which gives guidance to member companies on the use of blogs and social networking sites to engage in company-sponsored communications with the public.

Posted in Financial Privacy

Agencies Issue Model GLBA Form That Provides Safe Harbor

Yesterday the financial regulatory agencies issued a model notification form for Gramm Leach Bliley Act consumer notices. Use of the new model form provides a “Safe Harbor” for covered entities required to provide consumer notices of data sharing practices. A link to the new form is contained within this blog entry.