On Aug. 11, 2022, the U.S. Consumer Financial Protection Bureau issued Circular 2022-04, indicating that financial institutions and service providers that fail to adopt sufficient data security measures to protect consumer financial data may violate the Consumer Financial Protection Act provision prohibiting unfair acts and practices. The CFPB indicates that whether a financial institution’s security program is adequate under the CFPA is a fact-intensive question, but the agency does offer some basic examples of what it may consider required.
Source:
- Greenberg Traurig via National Law Review: CFPB Warns Insufficient Data Security Measures May Violate Consumer Financial Protection Act
