On March 2, 2016, the Consumer Financial Protection Bureau (Bureau) undertook its first data security enforcement action in a consent order against Dwolla, Inc., a payment network provider that allegedly made deceptive representations about its data security practices. Although in this matter the Bureau relied upon its authority to take action against “deceptive” practices, the consent order raises the prospect that the Bureau intends to provide regulatory oversight regarding the substantive adequacy of data security practices of covered persons in the future.

Continue reading.