Regulatory Alert | April 2016

Regulatory Alert | April 2016

CFPB Enforcement Action – Data security practices and protection of consumer personal information


The Consumer Financial Protection Bureau (CFPB) recently announced the settlement of an enforcement action against an online payment system related to its data security practices and the safety of its payment network. This is the CFPB’s first enforcement action related to data security, which is significant because the CFPB does not have enforcement authority for the data security provisions of the Gramm-Leach-Bliley Act(GLBA) but rather has relied on its authority to prohibit unfair, deceptive, or abusive acts or practices to protect the security of consumer personal information. Banks and nonbanks under CFPB-supervision, including start-up technology firms that handle consumer personal information, should anticipate heightened attention to their data security practices as well as other GLBA-related provisions, such as privacy.

© 2024 KPMG LLP, a Delaware limited liability partnership and a member firm of the KPMG global organization of independent member firms affiliated with KPMG International Limited, a private English company limited by guarantee. All rights reserved.

For more detail about the structure of the KPMG global organization please visit

Connect with us