Privacy and Data Security: The Role of the US Regulators

E-Finance & Payments Law & Policy
6 minute read | May.01.2013

In the wake of the Dodd-Frank Wall Street Reform and Consumer Protection Act and in light of the rapid pace of innovation in the online and mobile payments industry, those involved in payment systems need to understand the US regulatory scheme for privacy and data security under which they operate. Additionally, those involved in the payments process need to understand which regulators have regulatory, examination, and enforcement authority with respect to each law, as Elizabeth E. McGinn of Orrick discusses.

This article discusses the regulators and their jurisdiction, with a focus on the federal regulators having authority over many non-banks involved in payments products, such as the Consumer Financial Protection Bureau ('CFPB') and the Federal Trade Commission ('FTC'). The article focuses on the Gramm-Leach-Bliley Act ('GLBA')1 and the Fair Credit Reporting Act ('FCRA')2 since these are key means through which the CFPB and FTC regulate privacy and data security practices. Although beyond the scope of this article, entities involved in payments products should also be aware of US anti-money laundering requirements, the impact of which may differ based on the role the entity plays in the payments process.

Originally published in E-Finance & Payments Law & Policy, reposted with permission.