The FinTech Revolution: How Data Breaches Can Result in Regulatory Enforcement Actions

Ariel S. Glasner and Bridget Mayer Briggs

This is the fifth installment in a series of articles. For more background on this topic, please read our first article in the series, An Introduction to Financial Technology; our second article, The FinTech Revolution: Enforcement Actions Brought against FinTech Companies and Their Implications; our third article, The FinTech Revolution: The Impact of Blockchain Technology on Regulatory Enforcement; and our fourth article, The FinTech Revolution: Complying with Anti-Money Laundering Laws to Avoid Regulatory Enforcement Actions.

As news reports of corporate data breaches have become commonplace, companies must be proactive in preventing security breaches and prepared to take appropriate action in the event one occurs. This mantra is particularly true for FinTech companies that, by the very nature of their business, regularly collect customers’ personally identifiable information (“PII”) and other sensitive data. A failure to adequately protect this information, or to disclose the occurrence of a data breach, exposes companies to the very real possibility of government enforcement action.

We have noted previously that a FinTech company that falsely represents its data security practices is subject to an enforcement action by the Consumer Financial Protection Bureau for violation of the Dodd-Frank Wall Street Reform and Consumer Protection Act.1 In addition, FinTech companies that sell securities—whether publicly or in a private placement—must comply with applicable securities regulations when it comes to data breaches and their attendant disclosure. Continue reading “The FinTech Revolution: How Data Breaches Can Result in Regulatory Enforcement Actions”