Andrew L. Sandler Quoted in The National Law Journal Article, "CFPB Takes First Step Into Cybersecurity Regulation"
C. Ryan Barber
March 3, 2016
Andrew L. Sandler was quoted in C. Ryan Barber's The National Law Journal article, "CFPB Takes First Step Into Cybersecurity Regulation," on March 3, 2016.
The Consumer Financial Protection Bureau has fired a shot across the bow of the burgeoning online-payment industry, taking an enforcement action this week that marked the agency’s first foray into regulating cybersecurity.
Dwolla Inc., a Des Moines-based digital payment startup, agreed to pay a $100,000 penalty and improve its data security practices as part of a consent order that the bureau issued Wednesday. Without alleging that the company was breached, the bureau accused Dwolla of overstating the measures it took to protect consumers’ personal information between December 2010 and 2014.
The consent order, which requires the company to fix its security practices and conduct biannual risk assessments, represented the five-year-old agency’s first step into territory traditionally policed by the Federal Trade Commission. In August, a federal court affirmed the FTC’s authority to regulate cybersecurity in a landmark case involving Wyndham Hotels and Resorts.
“The CFPB takes a very expansive view of its jurisdiction,” said Andrew Sandler, chairman and executive partner of BuckleySandler. “This settlement is the CFPB’s announcement that it intends to hold companies responsible for ensuring there are policies and protections around consumer data.”