Header graphic for print
HL Chronicle of Data Protection Privacy & Information Security News & Trends

Tag Archives: dwolla

Posted in Consumer Privacy, Cybersecurity & Data Breaches, Financial Privacy

CFPB Dives Into Data Security Enforcement

On March 2, 2016, the Consumer Financial Protection Bureau announced its first data security enforcement action in the form of a Consent Order with online payment platform Dwolla, Inc. The 5 year Consent Order is based on CFPB allegations that Dwolla engaged in deceptive acts and practices by misrepresenting to consumers that it had “reasonable and appropriate data security practices.” Dwolla neither admitted nor denied that it engaged in data security misrepresentations. The CFPB fined Dwolla $100,000, enjoined it from making further misrepresentations, and is requiring that it develop a written, comprehensive data security program, designate a person responsible for the program, provide employee training, conduct risk assessments, and undergo independent third party audits annually, among other things. The CFPB also places primary responsibility for compliance with the Consent Order on Dwolla’s board of directors.