The Consumer Financial Protection Bureau (CFPB) announced its intention to act as a data security regulator by releasing its first unfair, deceptive or abusive acts or practices (UDAAP) enforcement action for allegedly deceptive statements about data security practices after remaining largely silent on the topic for more than four years. The CFPB's March enforcement action, against a small payments company,1 contains only a modest civil money penalty and does not require payments to customers. The language in the bureau's action suggests that it expects regulated companies to implement certain data security processes and that it may take further enforcement action in the area of data security.

Click here to continue reading the full text of this article

Originally published in BNA's Banking Report, 6/06/2016.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.