DocMagic Blog

CFPB Issues Circular Regarding Data Protection Security

The Consumer Financial Protection Bureau (“CFPB”) published Circular 2022-04 on August 11, 2022 which confirmed that financial institutions may violate the prohibition on unfair acts or practices under the Consumer Financial Protection Act (“CFPA”) by having insufficient data protection or information security.

“Financial firms that cut corners on data security put their customers at risk of identity theft, fraud, and abuse,” said CFPB Director Rohit Chopra. “While many nonbank companies and financial technology providers have not been subject to careful oversight over their data security, they risk legal liability when they fail to take common-sense steps to protect personal financial data.”

The circular provides that under the CFPA an unfair act or practice would be one that (1) causes or is likely to cause substantial injury to consumers, (2) is not reasonably avoidable by consumers, and (3) is not outweighed by countervailing benefits to consumers or competition. Additionally, an actual injury is not required to prove an unfair act or practice under the CFPA. Examples of data security practices which are widely used to protect consumer data are provided in the Circular.

Further, three examples of data security measures which are indicated to reduce the likelihood of a violation of unfair act or practices include multi-factor authentication, password management policies and practices, and timely software updates. Not using these types of security measures may indicate a financial institution has inadequate data protection.

Circulars are a new tool being used by the CFPB to provide supervisory guidance on individual topics. For more information on this type of guidance, see DocMagic’s prior compliance article here.


Related Content:

One vendor. One platform. A complete solution.

Schedule a consultation or quick demo. Let us show you how we can help digitally transform your mortgage process.

Topics from this blog: Compliance

  • Recent
  • Topics
CFPB Announces 2023 Threshold Adjustment for HPML Appraisals
FormAnalyzer 2.0 puts Form Management under your control!
The Resurgence of Temporary Buydown Loans
CFPB Issues Circular Regarding Data Protection Security

Download the Community State Bank case study

Learn how a century-old bank is using eClosing technology to re-invent itself for the digital age.

Download now