Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • CFPB symposium on consumer access to financial records set for February 26

    Federal Issues

    On February 20, the CFPB announced that its fourth symposium, regarding Consumer Access to Financial Records and Section 1033 of the Dodd-Frank Act, will be held February 26 at 9:30 am EST. The event will be webcast on the Bureau’s website. According to the Bureau, Section 1033 “addresses consumers’ rights to access information about their financial accounts.” The symposium—featuring remarks from Director Kathy Kraninger and consisting of three panels of experts—will solicit a variety of perspectives on the current and future market for services based on consumer-authorized use of financial data. The first panel, moderated by Paul Watkins, Assistant Director in the Bureau’s Office of Innovation, will discuss the current landscape of holders of consumer data and the benefits and risks of consumer-authorized data access. The second panel will examine market developments in consumer-authorized data access and will be moderated by Will Wade-Gery, Senior Advisor in the Bureau’s Office of Innovation. The third panel will assess the future state of the market, as well as considerations for policymakers on safeguarding consumer data while ensuring consumers have continual access to their data. This panel will be moderated by Thomas Devlin, Managing Counsel in the Bureau’s Research, Markets and Regulation Division.

    Find prior InfoBytes symposium coverage here.

    Federal Issues CFPB Consumer Finance Dodd-Frank Consumer Data

    Share page with AddThis
  • Data breach settlement of $380.5 million approved in credit reporting agency class action

    Privacy, Cyber Risk & Data Security

    On January 13, the U.S. District Court for the Northern District of Virginia issued a final order and judgment in a class action settlement between a class of consumers (plaintiffs) and a large credit reporting agency (company) to resolve allegations arising from a 2017 cyberattack causing a data breach of the company. After the company announced the breach, many consumers filed suit and were eventually joined into a proposed settlement class. As previously covered by InfoBytes, the plaintiffs alleged that the company (i) failed to provide appropriate security to protect stored personal consumer information; (ii) misled consumers regarding the effectiveness and capacity of its security; and (iii) failed to take proper action when vulnerabilities in their security system became known. The company and the plaintiffs later submitted a proposed settlement order to the court.

    According to the final order and judgment, the court certified the settlement class of the approximately 147 million affected consumers, finding the class was adequately represented, and approved the “distribution and allocation plan” as fair and reasonable. In the order granting final approval of the settlement the company agreed to, among other things, pay $380.5 million into a settlement fund and potentially up to $125 million more to cover “certain out-of-pocket losses,” $77.5 million for attorneys’ fees, and approximately $1.4 million for reimbursement of expenses. Class members are eligible for additional benefits including up to 10 years of credit monitoring and identity theft protection services or cash compensation if they already have those services, as well as identity restoration services for seven years. The company also agreed to spend at least $1 billion on data security and technology in the next five years.

    Privacy/Cyber Risk & Data Security Credit Reporting Agency Class Action Settlement Data Breach Consumer Data Class Certification

    Share page with AddThis
  • Missouri AG Announces Investigation Into Tech Company’s Privacy Policies and Use of Consumer Data

    State Issues

    On November 13, Missouri Attorney General Joshua Hawley announced that his office has issued a civil investigative demand (CID) to a major California-based technology company as part of an investigation into suspected violations of the Missouri Merchandising Practices Act and the state’s antitrust laws. The investigation is focused on certain business practices, including, with respect to privacy issues, the company’s collection, use, retention, storage, sale, and dissemination of information and data about its users and their online activities. The CID requests documents and communications related to, among other things, (i) the company’s privacy policies; (ii) the collection and sharing of data that constitutes “personal information” related to the company’s users; (iii) disclosures concerning the collection of consumers’ credit or debit card transactions; (iv) data the company discloses or shares with third parties, and the identification of third-party partners; and (v) how the company tracks users’ online activities. The company has until January 22, 2018 to comply.

    State Issues Privacy/Cyber Risk & Data Security Consumer Data State Attorney General Third-Party

    Share page with AddThis

Upcoming Events