CFPB Brings First Enforcement Action for False and Misleading Statements on Data Security
The Consumer Financial Protection Bureau (“CFPB”) recently announced a settlement with Dwolla, Inc., an online payment processor, for allegedly deceptive statements Dwolla made to consumers regarding the company’s data security practices. In the settlement, Dwolla agreed to pay a $100,000 penalty and take specific actions to improve its data security. Notably, the enforcement action was not precipitated by a data breach but was predicated solely on the company’s statements regarding the safety of its systems. The Dwolla settlement marks the first enforcement action by the CFPB in the data security space and provides a cautionary lesson for those under CFPB authority.
To read the full alert, click here.