CFPB Tasked with FCRA Interpretation - FTC Issues Staff Report to Aid Transition
Since the Fair Credit Reporting Act (FCRA) was adopted in 1970, the Federal Trade Commission (FTC) has been the agency primarily responsible for interpreting the Act through formal rules and informal guidance materials. The Dodd-Frank Wall Street Reform and Consumer Financial Protection Act of 2010 shifted the authority to publish FCRA rules and guidelines to the newly created Consumer Financial Protection Bureau (CFPB). On July 21, 2011,to celebrate the 40th anniversary of the FCRA and aid the CFPB as it takes over interpreting the FCRA, the FTC issued a staff report entitled “Forty Years of Experience with the Fair Credit Reporting Act: An FTC Staff Report and Summary of Interpretations.” The staff report provides important insight into how the CFPB will interpret and enforce the FCRA going forward. This post summarizes some of the highlights of the staff report and the implications of the FTC’s newly issued FCRA interpretations.
Continue Reading...FTC's Red Flags Rule Slated to Take Effect - Congress Tries Another Fix
The Federal Trade Commission's latest delay in enforcing the Identity Theft Red Flags Rule is slated to expire on December 31, 2010. This fifth delay, which the FTC announced on May 28, 2010, was requested by members of Congress, who had been working to respond to the outcry over the FTC's broad interpretation of the Rule. In the latest legislative initiative, on November 17, 2010, representatives Adler (D-NJ), Broun (R-GA) and Simpson (R-IN) advanced a bill (HR 6420) that seeks to limit the scope of the FTC's Red Flags Rule by amending the Fair Credit Reporting Act's (FRCA's) definition of "creditor."
Continue Reading...Appeals Court Considers Applicability of the Red Flags Rule to Attorneys
Several news outlets are reporting today on the November 15, 2010 argument before the U.S. Court of Appeals for the D.C. Circuit on the applicability of the Federal Trade Commission's Identity Theft Red Flags Rule.
The relevant part of the Rule implements Section 114 of the Fair and Accurate Credit Transactions Act (FACTA) and requires certain creditors to develop and maintain an identity theft prevention program designed to detect, prevent and mitigate fraud attempted or committed through identity theft. The FTC has taken the position that attorneys and law firms are within the scope of the Rule’s definition of “creditor” to the extent they allow clients to pay for legal services after the services are preformed. The ABA successfully challenged the applicability of the Rule to attorneys before the D.C. District Court. The FTC appealed that ruling.
Continue Reading...Information Governance
When it comes to creating policies for handling personal data in an organization, who decides? How are those policy decisions made and kept up to date?
These are questions of governance – I would call it “information governance.” Most large enterprises have established responsibilities and procedures for information technology governance and specifically for IT security policies, procedures, procurement, management, and training. In many cases, however, these have not been fully mapped to personal data compliance and risk management requirements, which should be defined and monitored by a somewhat different group of people, from departments beyond IT and security. Unless privacy issues are visible in the internal governance process, the organization – and the individuals that deal with it -- may be exposed to some nasty surprises.
