UDAAP Violations caused by Insufficient Data Protection

Jonathan Foxx, Ph.D., MBA Chairman & Managing Director

September 1, 2022 Question Last year, we were criticized by our regulator for not “safeguarding consumer data.” We revamped our policies and procedures for several weeks, hired an IT company, did penetration testing, and even hired a law firm to check our system. They brought in a firm such as yours to do an overview of our policies. So, we thought we covered all the bases.  We have just received a letter from the regulator. They are requesting an on-site visit soon. This was expected. But as we got ready for the examination, we learned that the CFPB is going after consumer protection violations, such as connecting to UDAAP violations.  Since we covered everything – or thought we did! – it would be great if you could fill in any possible blanks to prepare for the coming examination.  What important actions can we take to double-check our consumer data security? Answer Safeguarding consumer data requires constant vigilance. Some companies dwell on the digital aspects, but that is certainly not enough, nor is it so narrowly adduced. I think your question is best understood in the context of insufficient data protection because insufficient data protection may indeed lead to UDAAP violations.  The nexus to UDAAP violations is likely what the CFPB has in mind concerning safeguarding sensitive consumer information. While the prohibitions in UDAAP are fact-specific, failure to implement common data security practices will significantly increase the likelihood that a firm may be violating UDAAP. I am going to describe the CFPB’s view of conduct that typically meets the first two elements of a UDAAP claim, that is, (1) the likeliness to cause substantial injury to consumers and (2) that it is not reasonably avoidable by consumers, which then increases the risk that an entity’s conduct triggers liability under the CFPA’s prohibition of unfair practices. COMPLIANCE SOLUTION UDAAP Tune-up

Jonathan Foxx, Ph.D., MBA Chairman & Managing Director Visit our Website Pioneering Mini-Audits What is a Compliance Tune-up?  Compliance Solutions Speak to an Expert Contact Us Send an Email Ask a Question Careers

CONTINUOUS COMPLIANCE™

The most comprehensive mortgage compliance solutions in the United States!

Member of National Organizations ABA | MBA | NAMB | AARMR | MISMO | ARMCP | ALTA | IIA | ACAMS | MERSCORP