CFPB Forcing Companies to Protect Data Even When No Breach Has Been Detected
March 9, 2016 – Since the launch of the Consumer Financial Protection Bureau four years ago, the agency has taken numerous enforcement actions against companies that have experienced data breaches. But last week, the agency began a new era of enforcement. It entered into a consent decree with online payment company Dwolla for failing to protect consumer data even though Dwolla never experienced a data breach. The action should serve as a warning to companies that store and use consumer data. The CFPB is watching you and has the power to fine you.
Dwolla had claimed that it used better than industry standard data security. The CFPB determined that this claim was inaccurate and that the company had deceived consumers when making it. The agency fined the company $100,000. The company has also agreed to take corrective action to bring it in line with its public claims.
The action against Dwolla is likely to be the first of many enforcement actions of this type. Companies that make claims similar to those made by Dwolla are really challenging the agency to audit those claims. This means that companies need to look very closely at any public claims they make about their data security and ensure that those claims are accurate. If they are not, they need to take corrective action immediately. Not doing so is an open invitation to the CFPB for an audit, fines and potentially other penalties.
by Jim Malmberg