The Consumer Financial Protection Bureau (CFPB) recently brought its first data security enforcement action, adding itself to the growing list of federal regulators tackling data security issues. The CFPB’s enforcement action was against Dwolla Inc., a Des Moines, Iowa-based online payment platform. The CFPB alleged that Dwolla misrepresented its data security practices, and as a result, Dwolla agreed to pay a $100,000 penalty and to implement significant data security measures.1 While this is only its first data security-related action, the CFPB appears to be taking very seriously its role in securing consumers’ financial information. The requirements the agency placed on Dwolla’s board of directors make this clear, as the board will be held accountable for any security shortcoming by the company. This goes beyond the typical requirements imposed by the Federal Trade Commission (FTC), the regulator with the most extensive data security experience, in its data security enforcement actions. As such, companies, especially financial technology start-ups, should take note of the data security requirements placed on Dwolla by the CFPB, and ensure that any statements made regarding the security of consumers’ information are accurate.
Continue Reading CFPB Brings First Data Security Enforcement Action