CFPB: Poor Data Protection May Be Abusive Act Under Consumer Law

The CFPB announced that credit unions and other financial institutions could be cited for violations if information security is insufficient. Learn why.

David Baumann

Published

Aug 12

2022

What is Field of Membership

Table of contents

Bureau says credit unions and other financial institutions could be cited for violations if information security is found lacking.

Financial institutions, including credit unions, may violate consumer protection prohibitions against unfair acts or practices if they have insufficient data protection or information security programs, the CFPB announced Thursday.

In a circular published on its website, the agency said that in such instances, financial institutions not only may be cited for violating the Gramm-Leach-Bliley Act, but could additionally be cited under consumer protection statutes.

“Financial firms that cut corners on data security put their customers at risk of identity theft, fraud, and abuse,” stated CFPB Director Rohit Chopra. “While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take commonsense steps to protect personal financial data.”

Increased Focus on Financial Data

The agency noted it is increasing its focus on the use of personal financial data, saying, “Specifically, financial companies are at risk of violating the Consumer Financial Protection Act if they fail to have adequate measures to protect against data security incidents.”

The bureau explained that the Consumer Financial Protection Act defines an unfair act or practice as one “(1) that causes or is likely to cause substantial injury to consumers, (2) which is not reasonably avoidable by consumers, and (3) is not outweighed by countervailing benefits to consumers or competition.”

Potential Specific Violations

Three examples of areas that could lead to a violation were cited.

For instance, if a financial institution does not use multi-factor authentication (MFA) for consumer accounts or an equivalent protection, it could violate consumer protection laws. “MFA greatly increases the level of difficulty for adversaries to compromise enterprise user accounts, and thus gain access to sensitive customer data. MFA solutions that protect against credential phishing, such as those using the Web Authentication standard supported by web browsers, are especially important,” the agency outlined.

It added that if a financial institution fails to have adequate password protections or update its software regularly, it could violate the prohibition against unfair acts or practices.

Pushback to CFPB

The CFPB has come under fire from critics who contend that the agency has overly broad discretion in defining what constitutes an unfair, deceptive, or abusive act or practice.

Industry News

No items found.

CFPB: Poor Data Protection May Be Abusive Act Under Consumer Law

CFPB’s Chopra: Overdraft Rule Wouldn’t Harm Liquidity

House Republicans Bluntly Voicing Their Contempt for CFPB

As Interchange Bill Languishes, Supporters and Opponents Get Creative

NCUA to Resume Assessing Civil Penalties for Late Call Reports

Climate Advocates Call for NCUA to Establish ‘Resilience Office’

House to Vote on Plan to Kill CFPB Small Business Rule

CFPB’s Chopra Heads to Capitol Hill Amid Public Support for Agency

NASCUS: Contributions of State Regulators Overlooked in NCUA Budget

CU Trades, Consumer Groups Clash Over CFPB Arbitration Petition

NCUA Inspector General Auditing CU Chartering Process

Coalition Intensifying Lobbying on Interchange Bill

Budget Hearing: CU Trades Clash with Harper Over Agency Priorities

NCUA: Large Credit Unions Showing Signs of Stress

GOP Rep. Hill Wants to Examine Bank Purchases by Credit Unions

Harper Submits Familiar Legislative Wish List to Senate Committee

CU Trades: NCUA Doesn’t Need Beefed Up Consumer Protection Exams

House Votes Show Support for CDFI, CFPB

CU Trades Support Proposed CFPB Digital Wallet, Payment Rule

NCUA Charters Young Community FCU in Kentucky

House to Consider Abolishing CFPB, CDFI Program

Senate Banking Committee Advances Otsuka Nomination to NCUA Board

CFPB: States Are Subjecting Credit Unions to Reinvestment Laws

Banks Renew Fight Over Military Base Rent Benefits for Credit Unions

CUNA-NAFCU Merger Approved

NCUA: In 2022, CUs Provided More Mortgages Than Banks to Targeted Populations

GOP Senators: Lending Guidance Based on Immigration Status Is Irresponsible

House Republicans Push Amendments to Eliminate CDFI, CFPB

GAO: Blacks, Hispanics Face Higher Interest Rates, Fees on Credit Cards

Marijuana Businesses Sue to Gain Access to Financial Services

NCUA Proposes 11% Increase in Operating Budget

CU Trades Blast Proposed Debit Swipe Fee Cut

Harper: Credit Unions Must Cut Fees to Remain Competitive

Dems Push Consumer Protection Legislation Ahead of Potential Shutdown

Navy Federal: NCUA’s Denial of Share Insurance Is National Security Matter

Credit Unions, Community Bankers Agree: CFPB Data Rule Needs Work

NCUA Board Nominee: Credit Unions Should Manage Climate Risks

CFPB Proposes Rule to Ease Consumer Access to Financial Data

Harper: NCUA Needs Third-Party Vendor Authority

ABA Poll: Congress Should Investigate CU Tax Exemption

Senate Votes to Kill CFPB Lending Rule; Biden Promises Veto

Uncertainty Reigns in CDFI Program

Study: ‘Credit Marginalized’ Relying on Overdrafts

Senate Panel to Consider Otsuka Nomination to NCUA Board

Navy Federal Gets Overseas Bank Contract, but NCUA Can’t Insure Deposits

CFPB: Large Banks, but Not Large Credit Unions Eliminating NSF Fees

CFPB Opponents May Be Fighting an Uphill Battle

Students at GW Anxious for Provisional CU Charter

Community Bankers: Credit Unions Are Not Serious Threat

Consumer Groups Thrilled with CFPB Oral Arguments

Supreme Court Justices Appear Skeptical of CFPB Challenge

FDIC Chair: Calls for Deposit Insurance Increases Have Died Down

Congress Extends Flood Insurance Program until Nov. 17

CRS: Measuring Effectiveness of CDFI Program Is Daunting Task

Sen. Warren: Supreme Court Ruling in CFPB Case Could Affect NCUA

NCUA Awards $3.1 Million in 2023 CDRLF Round

Senate Banking Committee Approves Marijuana Banking Bill

New Hurdles Emerge as Senate Panel Considers Marijuana Banking Bill

CFPB Wants to Eliminate Medical Debts from Credit Reports

Much to CU Groups’ Dismay, Senator Pushes Interest Cap on Credit Cards

NCUA Approves Final Rule to Ease CU Efforts to Work With Fintechs

Biden Intends to Nominate Tanya Otsuka for NCUA Board

Key Senators Unveil Revised Marijuana Banking Bill

GAO: Financial Stability Council Needs More Power to Police Risk

Kentucky Federal Judge Blocks CFPB Small Business Rule

Senate Committee to Consider Marijuana Banking Bill

Accusations Fly as Sens Aim to Attach Interchange Plan to Funding Bills

Flood Insurance Program to Expire Unless Congress Acts Quickly

Bankers Oppose Bill to Increase Credit Union Business Lending

CU Trades Ask Congress to Limit Expansion of SBA Lending

Harper: NCUA Still Working on Provisional Charter Plan

CUNA’s Nussle: Merged Group to Have United Voice in Chaotic Atmosphere

Tax Exemption and CUNA-NAFCU Merger Main Topics as NAFCU Caucus Opens

Judge Rules that CFPB Can’t Police Discrimination by Certain Groups

Credit Union Lobbying Intensifies as House Returns

After Withdrawing Bank Application, Rakuten Seeks Credit Union Charter

NCUA 2nd Quarter Report: Number of CUs Drops, but Membership Increases

CU Trades Ask NCUA to Increase Operating Fee Threshold

CFPB Agrees to Settle Discrimination Suit Filed by Agency Employees

CUNA-NAFCU Merger: Members of Congress Could Take a Hit