CFPB Turns Its Attention to Data Security: What You Need to Do Now

The Consumer Financial Protection Bureau (CFPB) is increasing its focus on the potential misuse and abuse of personal financial data. As part of this effort, this August, the Bureau released a circular that provided guidance to consumer protection enforcers and described scenarios in which firms can be held liable for lax data security protocols. With the recent circular, the Bureau has made it clear that providers of consumer financial services (including debt collection agencies, law firms, debt buyers, creditors, and letter vendors) are subject to specific requirements to protect consumer data.

The Consumer Financial Protection Act (CFPA) defines an unfair act or practice as an act or practice:

  • that causes or is likely to cause substantial injury to consumers,
  • that is not reasonably avoidable by consumers, and
  • that is not outweighed by countervailing benefits to consumers or competition.

While the circular provided examples of widely implemented data security practices such as multi-factor authentication (MFA), adequate password management, and timely software updates, it does not say which particular security practices are specifically required under the Consumer Financial Protection Act. This gap has prompted us to talk to industry experts and compile a list of best data security practices that are a must for your business in the post-pandemic economy.


What You Need to Do to Safeguard Sensitive Data Now

Expanding digitalization and remote work in the post-COVID economy are giving rise to data security risks. Firms that cut corners on data security put their customers at risk of identity theft and fraud. Amidst increasing phishing attacks and data theft campaigns, your business needs to prioritize security and design an integrated approach to safeguard sensitive customer data.

Whether your workforce is remote, onsite, outsourced, or some combination of the three, the failure to complete key security to-dos might increase your liability under the Consumer Financial Protection Act. To help you mitigate this risk, we have created a whitepaper that will help you decode the latest CFPB circular and identify (and complete) certain to-dos related to password management, MFA, software updates, internal audits of policies and procedures, vendor audits, employee education, and a response plan. You can download the whitepaper here.