Share with your friends

Regulatory Alert | April 2016

Regulatory Alert | April 2016

CFPB Enforcement Action – Data security practices and protection of consumer personal information


Related content

The Consumer Financial Protection Bureau (CFPB) recently announced the settlement of an enforcement action against an online payment system related to its data security practices and the safety of its payment network. This is the CFPB’s first enforcement action related to data security, which is significant because the CFPB does not have enforcement authority for the data security provisions of the Gramm-Leach-Bliley Act(GLBA) but rather has relied on its authority to prohibit unfair, deceptive, or abusive acts or practices to protect the security of consumer personal information. Banks and nonbanks under CFPB-supervision, including start-up technology firms that handle consumer personal information, should anticipate heightened attention to their data security practices as well as other GLBA-related provisions, such as privacy.

Connect with us


Want to do business with KPMG?


loading image Request for proposal