Data privacy rules

How the CFPB can better regulate data sharing


As the Consumer Financial Protection Bureau weighs rules on protecting customer information shared between banks and third parties, it should consider giving consumers full authority over their financial data and committing to direct oversight of everyone involved, including data aggregators and fintechs.


State data privacy laws pose compliance headaches for banks


New measures in California and Virginia give consumers more control over their information and may prevent banks from using geolocation services or analyzing personal data without obtaining consent first — except when preempted by federal law.


Consumers have too little control over how their data is shared


Despite tougher privacy regulations, further safeguards are needed that require consumers' clear consent before personal information is exchanged.


CFPB developing proposal on who can access customer data


The rulemaking is expected to draw enormous interest from both banks and third-party fintech providers.


BNP Paribas is latest bank to join IBM cloud project


The IBM-BNP collaboration and other new developments show that high-profile breaches haven't deterred banks from using the cloud to store data.


Lawsuit against Plaid heightens focus on data privacy issues


A class action asserts that the data aggregator accesses more of consumers' bank account information than it needs and ultimately aims to sell the data to others. Plaid, which has agreed to be sold to Visa, denies the allegations.


Referendum on data privacy coming to California in November


Two years after a consumer protection law changed how banks and other companies handle customer information, a new proposal aims for more sweeping reforms.


LendingClub reinforces its cyber defenses


The online lender has deployed new software designed to spot security risks early, especially the kind of cloud-data issues that led to the Capital One-Amazon breach.


State privacy bills try to cut banks a break, but not completely


Recent proposals considered or passed by legislatures around the country grant banks certain exemptions, but they differ from state to state and may pose new compliance headaches.


Security isn't banks' only hang-up about moving to cloud


Liability for missteps by vendors, jurisdictional headaches tied to locations of servers and legacy technology are other potential impediments.