BACK TO BASICS, Continued—Safeguarding Consumer Information, Again

I frequently write about a creditor’s duty to safeguard customer information. See for example, here and here. This is an important duty that arises out of the Gramm-Leach-Bliley Financial Privacy Act. The Safeguards Rule issued early on by the FTC, set the standards for safeguarding customer information under GLB.

With the transition of authority resulting from the Dodd-Frank Consumer Protection Act, from the Federal Trade Commission (FTC) to the Consumer Financial Protection Bureau (CFPB), the FTC Safeguards Rule has gotten a little sidetracked. That is, the Dodd-Frank Act transferred the majority of the FTC’s rulemaking authority for Privacy to the CFPB, leaving the FTC with rulemaking authority only over certain motor vehicle dealers. (The FTC is still considering some changes to its Rule.)

The CFPB standards for safeguarding consumer’s nonpublic personal information (16 CFR Part 314) require a financial institution to disclose its policies and practices for protecting the confidentiality, security, and integrity of nonpublic personal information about consumers (whether or not they are customers). The required disclosure may describe in general terms who is authorized to have access to the information and whether the financial institution has security practices and procedures in place to ensure the confidentiality of the information. I have urged creditors to adopt a compliant policy.

Interestingly, many states have joined the effort to safeguard nonpublic personal information by adopting their own data breach notification laws. (Stay tuned for more on data breach notification laws.) The combination of federal and state law evidences the seriousness with which regulators view privacy of our information; and what happens if such information is inadvertently disclosed.

Creditors should make sure that their policies and practices concerning maintaining the privacy of nonpublic personal information held by them have been updated to address the appropriate response for inadvertent disclosure.

Major companies have been embarrassed (and worse) by data security breaches.

Please note: This is the one hundred fifteenth blog in a series of Back to Basics blogs, in which relevant and resourceful information can be easily accessed by clicking here.

Register now for your free, tailored, daily legal newsfeed service.

BACK TO BASICS, Continued—Safeguarding Consumer Information, Again
Blog Consumer Finance Report

Filed under

Topics

Laws

Organisations

Popular articles from this firm

What is the Difference Between Direct Lending and Indirect Lending? *

Engagement Letters for Litigators *

BACK TO BASICS, Continued—Have We Talked Lately About Record Keeping? *

Recovering Bankruptcy Attorneys Fees and Guide to Filing Notice of Post-Petition Mortgage Fees, Costs, & Expenses *

Back to Basics, Continued—so what is the Total Sale Price disclosure anyway? *

More from Consumer Finance Report

BACK TO BASICS, Continued—Equal Credit Opportunity Again!

BACK TO BASICS, Continued—Revising the Contract When the Servicemember Invokes Protection Under the Servicemembers Civil Relief Act (SCRA)

BACK TO BASICS, Continued—Is a Charge Assessed to the Consumer for Use of a Debit Card a Finance Charge?

Getting Your Stuff in Order

BACK TO BASICS, Continued—Direct Dispute Complaints v. e-OSCAR Referred Complaints

Related practical resources PRO

Related research hubs