Privacy & Information Security Law Blog

On February 5, 2015, the Federal Trade Commission sent a letter to the Consumer Financial Protection Bureau (“CFPB”) summarizing the agency’s efforts in the debt collection arena in 2014. The letter is intended to assist the CFPB with preparing its annual report to Congress on the enforcement of the Fair Debt Collection Practices Act, which must be submitted pursuant to the Dodd-Frank Wall Street Reform and Consumer Protection Act. The FTC’s debt collection program involves three initiatives: (1) law enforcement, (2) education and public outreach, and (3) research and policy.

On April 10, 2013, the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”) jointly adopted rules that require broker-dealers, mutual funds, investment advisers and certain other regulated entities to adopt programs designed to detect “red flags” and prevent identity theft. These rules implement provisions of the Dodd-Frank Wall Street Reform and Consumer Protection Act, that amended the Fair Credit Reporting Act (“FCRA”) to direct the SEC and the CFTC to adopt rules requiring regulated entities to address risks of identity theft. The 2003 amendments to the FCRA required other regulatory authorities to issue identity theft red flags rules, but did not authorize or require the SEC or the CFTC to issue their own rules.

As reported in the Hunton Employment & Labor Perspectives Blog:

Beginning January 1, 2013, employers must issue an updated notice form to applicants and employees when using criminal background information under the federal Fair Credit Reporting Act.

Reporting from Washington, D.C., Hunton & Williams partner Frederick Eames writes:

Elections have consequences. What are the consequences of the 2012 election on U.S. federal privacy, data security and breach notice legislation? We outline some key developments in the U.S. House of Representatives and Senate and explain how these developments might affect legislative priorities and prospects for the 113th Congress beginning in 2013.

Earlier this year, the Consumer Financial Protection Bureau (“CFPB”) published a Bulletin signaling its intent to regulate and exercise enforcement authority over service providers to financial institutions. Pursuant to Title X of the Dodd-Frank Wall Street Reform and Consumer Protection Act and its implementing regulation, Regulation P, the CFPB has authority over certain large banks, credit unions and other consumer financial services companies. The Bulletin notes that the CFPB’s goal is to ensure compliance with “[f]ederal consumer financial law,” which includes the Gramm-Leach-Bliley Act and its implementing regulations, the Privacy Rule and the Safeguards Rule.

On October 27, 2010, the U.S. Commodity Futures Trading Commission (the “CFTC”) issued two notices of proposed rulemaking (“NPRMs”), citing Gramm-Leach-Bliley Act (“GLBA”) privacy rules, and marketing and data disposal rules of the Fair Credit Report Act (“FCRA”).

The proposed rules come in the wake of the Dodd-Frank Wall Street Reform and Consumer Protection Act, which places two new categories of covered entities (i.e., “swap dealers” and “major swap participants”) under the CFTC’s jurisdiction.  Under the proposals, those entities would be subject to certain GLBA privacy rules that regulate the treatment of consumers’ nonpublic personal information, and sections of the FCRA that address affiliate marketing and data disposal.

As reported in BNA’s Privacy Law Watch on July 29, 2010, three bills were introduced by House Republicans to repeal Section 929I of the Dodd-Frank Wall Street Reform and Consumer Protection Act (the “Dodd-Frank Act”).  Section 929I of the Dodd-Frank Act has been a source of controversy because it gives the SEC significant latitude to sidestep FOIA requests by providing that the SEC "shall not be compelled to disclose" certain information it obtains pursuant to the '34 Act when conducting surveillance, risk assessments or other regulatory and oversight activities.