Consumer Financial Protection Bureau firings do not halt data privacy and security law enforcement for financial institutions

After surviving a constitutional challenge to its very existence, the Consumer Financial Protection Bureau, a federal agency responsible for enforcing consumer data privacy, security, and other consumer protection laws in the finance sector, is back in the news due to mass firings under the Trump Administration.

While the firings may disrupt or delay certain CFPB enforcement activities, financial institutions should continue to comply with applicable consumer data privacy and security laws. Terminated employees have filed lawsuits seeking court orders to restore them to their positions, the outcome of which remains to be seen. If successful, a reinvigorated bureau will continue to enforce strict laws that carry stiff fines and penalties for even negligent violations of consumer privacy rights.

Additionally, regardless of the fate of the terminated CFPB employees, other regulatory bodies such as the Federal Trade Commission, the Securities and Exchange Commission, and the Federal Reserve System maintain concurrent jurisdiction over certain financial institutions and still have the authority to punish violations of the law. Additionally, state regulatory agencies, long the forefront vanguard of consumer banking protection, cannot be terminated by the federal government, and remain on alert for financial institutions that run amok of state data privacy and security laws. In short, although one consumer protection enforcement agency’s staffing is in flux, financial institutions should not allow this potentially temporary development to derail efforts to comply with state and federal law concerning consumer data privacy and security.

Attorneys with McDonald Hopkins’ national data privacy and cybersecurity group are available to counsel financial institutions on their consumer data privacy and security legal obligations.