In a Consumer Financial Protection Circular, the Consumer Financial Protection Bureau (CFPB) stated that the prohibition of unfair, deceptive, and abusive acts or practices (UDAAP) under the Consumer Financial Protection Act (CFPA) can be violated if an entity has insufficient data protection or information security.
The CFPB has been on a recent push to expand the applicability of the CFPA’s UDAAP prohibition on areas peripherally related to the provision of consumer finance products and services.
Read on for more details.