All Entries

Subscribe to All Entries via RSS

On October 29, 2015, the Consumer Financial Protection Bureau (“CFPB”) announced the settlement of an enforcement action against two affiliated consumer reporting agencies under the Fair Credit Reporting Act (“FCRA”) based on these companies’ employment background screening practices.  The consent order requires these background screeners to pay a total of $13 million in penalties and

On November 2, 2015, a sharply divided Supreme Court of the United States heard oral arguments in Spokeo, Inc. v. Robins, where it considered whether Congress may confer Article III standing by authorizing a private right of action based on the violation of a federal statute alone, despite a plaintiff having suffered no concrete

On October 28, the Consumer Financial Protection Bureau filed an administrative consent order against Security National Automotive Acceptance Company (“SNAAC”), an Ohio auto lender specializing in loans to service members, for engaging in illegal debt collection practices.  The order requires the company to refund or credit about $2.28 million to service members and other consumers

On October 27, the United States Senate passed the Cybersecurity Information Sharing Act (CISA) by a vote of 74-21.  CISA claims to improve cybersecurity by encouraging the sharing of threat information among companies and the U.S. Government. 

As previously reported here, CISA would permit private entities to share cyber threat

On October 30, the American Bankers Association (“ABA”) filed a letter opposing the Consumer Financial Protection Bureau’s plan, under the Paperwork Reduction Act, to conduct a nationwide web-based survey of 8,000 individuals as part of the Bureau’s study of overdraft protection services.  The ABA urged the CFPB to re-submit its proposed plan with a draft

In October, at the Privacy & Security Forum at George Washington University, Federal Trade Commissioner Terrell McSweeny emphasized that companies that outsource data security to third parties can still be liable in an FTC enforcement action.  This position follows what we have heard previously from the Office of Civil Rights, the agency charged with enforcement

On October 27, two law firms accused by the Consumer Financial Protection Bureau of violating the Consumer Financial Protection Act responded to the CFPB’s allegations that they failed to provide consumers with promised legal representation by accusing the CFPB of “improperly [attempting] to create a new federal common law definition of the practice of law.”  

On October 27, the U.S. District Court for the Northern District of Illinois awarded the Consumer Financial Protection Bureau $531.2 million against for-profit college chain Corinthian Colleges, Inc. for what the Bureau described as a “predatory” student lending program that the company administered.  Prior to its liquidation through bankruptcy earlier this year, Corinthian was one

LifeLock, an identity theft and data protection company, has reached a tentative proposed settlement with the FTC regarding deceptive marketing claims.

Privacy and security attorney Ron Raether, a partner at the law firm Troutman Sanders LLP, says that it appears, based on what LifeLock disclosed so far, that the FTC may not be demanding additional

Even high-tech companies with substantial in-house technical expertise may not be dealing with the most common type of cyber vulnerability. As technology geeks, we find it more interesting to talk about firewalls, proxy servers, router security, mobile device management, anonymization of data, encryption and the like. But technical security is not enough. Companies need to