Consumer Finance Law Blog

Consumer Finance Law Blog

Developments and Analysis of Consumer Financial Services Laws, Rules, and Regulations

Category Archives: Data Security

Subscribe to Data Security RSS Feed

CFPB Proposes Rule on Prepaid Products to Extend Certain Credit Requirements and Mandate Disclosures

Posted in Consumer Financial Protection, Data Security, Regulatory Developments
The Consumer Financial Protection Bureau released last week a proposed rule that would impose an array of new requirements on prepaid accounts. The proposed new definition of “prepaid account” would include general purpose reloadable cards, electronic or mobile accounts that can store funds such as PayPal accounts, payroll cards, and certain government benefit cards, but… Continue Reading

S.D.N.Y: Plaintiffs Asserting Claims Based on Risk of Identity Theft Lack Standing

Posted in Data Security, Privacy
The Southern District of New York, recently, in Hammond v. The Bank of New York Mellon Corp., No. 08-6060, 2010 WL 2643307 (S.D.N.Y. June 25, 2010) joined other courts from around the country in holding that plaintiffs who bring claims based on the risk of identity theft lack Article III standing. In each case, including the… Continue Reading

Identify Theft Litigation Update: Ninth Circuit Upholds Dismissal Of Speculative Claims

Posted in Class Action, Data Security, Privacy
Updating a prior post, the Ninth Circuit, in Ruiz v. Gap, Inc., recently upheld a dismissal on summary judgment on the grounds that the mere risk of identity theft is too speculative of an injury to substantiate a cause of action based on negligence. See Ruiz v. Gap, Inc., No. 09-15971, 2010 WL 2170993 (9th… Continue Reading

Legal Developments Affecting Payment Card Data Pass Practices

Posted in Data Security, Merchant Billing & Payment, Privacy
On-line marketers that share their customers’ credit or payment card information with other business partners without the consumer’s knowledge or active consent – a practice referred to as a “data pass” – may wish to read a recently published BNA Privacy & Security Law Report titled “Scrutiny on Payment Card Data Pass: Raising the Profile… Continue Reading

Another Missive from the Data Breach Front: Remote Risk of Identity Theft Does Not Confer Standing in Allison v. Aetna

Posted in Data Security, Privacy
Allison v. Aetna, Inc., a recent opinion out of the Eastern District of Pennsylvania, adds to the burgeoning area of law that holds when a plaintiff fails to allege an actual injury resulting from a data breach, but instead only alleges an enhanced risk of identity theft, an injury-in-fact does not exist and the suit… Continue Reading

UPDATE: Data Breaches on the Rise in 2010

Posted in Data Security, Privacy
Updating a previous post regarding the rise last year in the number of data breaches involving customers’ personal information in the general business sector, the numbers of these breaches for the first third of 2010 reflect a similarly troubling trend. According to the Identity Theft Resource Center (“ITRC”), the total number of reported data breaches as… Continue Reading

Study Suggests that Data Breaches Among Businesses May Be on the Rise

Posted in Data Security, Privacy
A recent study released by the Identity Theft Resource Center (“ITRC”), a non-profit organization dedicated exclusively to the prevention of identity theft, suggests that in 2009, while the government appeared to be improving data security, the protection of customers’ private information by some businesses may have worsened. The annual ITRC study is funded by the U.S.… Continue Reading

Federal Agencies Issue FAQs on FACTA Red Flag Compliance

Posted in Data Security, Fair and Accurate Credit Transactions Act (FACTA), Regulatory Developments
Last week , the Federal Trade Commission, jointly with other federal agencies that regulate financial institutions, released "frequently asked questions" designed to provide additional assistance to companies required to comply with new identity theft rules pursuant to the Fair and Accurate Credit Transactions Act ("FACTA") .  Those rules were issued in November 2007. Under the… Continue Reading

Wave of Class Actions for Data Security Breaches

Posted in Class Action, Data Security
If your company collects customers’ personal data in the course of its business, be aware of the wave of class actions that have recently been filed arising out of data security breaches. Finkelstein Thompson, a DC-based law firm, over the past year has filed a series of class actions against businesses that have fallen victim… Continue Reading

Identity Theft Litigation Update: Recent Cases Show Trend Toward Dismissal of Speculative Claims

Posted in Class Action, Data Security, Privacy
Several weeks ago, we discussed how most courts were rejecting lawsuits where the plaintiffs claimed “damages” in the form of an increased risk of identity theft, generally stemming from allegations of an accidental loss or theft of personal confidential information. Since we last blogged on this issue, two recent decisions highlight how that trend is… Continue Reading

Merchants Beware: Protect Your Customers and Company from Credit Card “Skimming”

Posted in Credit Cards, Data Security, Privacy
The current economic climate has had many consequences, including an apparent increase in economic crimes such as credit card fraud. In recent months, numerous credit card scams involving restaurant chains have been reported. For example, the Washington Examiner reported on March 29 that wait staff at several high-end restaurants in Washington, DC, including M&S Grill,… Continue Reading

Fears of Future Identity Theft Generally Not Sufficient To Establish “Actual Damages” In A Lawsuit

Posted in Class Action, Data Security, Privacy
Over the last few years, incidents involving disclosures of personal information by consumer financial service providers have been big news, ranging from the theft of laptop computers containing social security numbers, to hacker attacks on computer networks containing confidential information, to the more "vanilla" theft of personal documents. Not surprisingly, the plaintiffs’ bar has been… Continue Reading

Welcome to the Consumer Financial Services Blog

Posted in Credit Cards, Data Security, Fair and Accurate Credit Transactions Act (FACTA), Fair Credit Reporting Act (FCRA), Fair Lending, Insurance Coverage & Recovery, Legislative Developments, Merchant Billing & Payment
Which among the following businesses are potentially subject to consumer financial services laws, rules, and regulations? A. a retail clothing chain B. a bank or mortgage company C. an internet retailer D. a fast food franchisor E. all of the above If you answered E, “All of the above,” you are CORRECT. However, many companies do not… Continue Reading