A Look at Recent Federal Trade Commission and Consumer Financial Protection Bureau Initiatives Concerning Privacy and Data Security
2BInformed: Engaging with EPA, OSHA’s New Regulation, and Asbestos
The CFPB recently published an Advance Notice of Proposed Rulemaking (ANPR) to reconsider four key issues related to its “Personal Financial Data Rights” rules, which were finalized at the end of 2024 but have been mired in...more
The Trump administration’s CFPB leadership has rolled back a series of Biden-era initiatives. As part of this deregulatory push, on 30 May, CFPB leadership signaled its intent to change course on the rulemaking mandated by...more
Today’s ever-shifting business environment means that consumers, businesses, employers, and employees all expect to transact digitally. To remain efficient and competitive, companies must digitally transform their businesses...more
On August 22nd, the Consumer Financial Protection Bureau (the “CFPB”) published an advanced notice of proposed rulemaking (an “ANPR”) relating to a reconsideration of the CFPB’s current Personal Financial Data Rights Rule...more
The CFPB published an advanced notice of proposed rulemaking (ANPR) on Aug. 22, 2025, seeking comments and data to aid in the agency's reconsideration of its Section 1033 Open Banking Rule. This notice follows the CFPB's...more
On August 22, 2025, the Consumer Financial Protection Bureau (CFPB) published an advance notice of proposed rulemaking (ANPR) seeking public comment on four substantive aspects of its Section 1033 rulemaking under the...more
On Aug. 22, the Consumer Financial Protection Bureau (CFPB) released an Advanced Notice of Proposed Rulemaking (ANPRM) on Personal Financial Data Rights while its October 2024 final rule is the subject of ongoing litigation....more
On August 21, the Consumer Financial Protection Bureau (CFPB or Bureau) took a significant step forward in its reconsideration of the Section 1033 open banking final rule, originally issued in November 2024, by issuing an...more
As promised, the CFPB is issuing an Advance Notice of Proposed Rulemaking soliciting comments on the agency’s open banking rule....more
The rule imposes substantial new diligence, reporting, cybersecurity, and auditing obligations on companies. On December 27, 2024, the U.S. Department of Justice (“DOJ”) issued a final rule implementing Executive Order...more
On June 21, 2024, the US Department of the Treasury (Treasury) released proposed new federal regulations (Proposed Rules) that, if implemented, would prohibit or require notification of a broad range of outbound investment...more
Key Points - On Sunday, April 7, Senate Commerce Committee Chair Maria Cantwell (D-WA) and House Energy and Commerce (E&C) Committee Chair Cathy McMorris Rodgers (R-WA) struck a deal on a comprehensive federal bill, the...more
On February 28, 2024, President Biden signed Executive Order (EO) 14117 titled “Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern.” On March 5,...more
President Biden issued an Executive Order last month calling on the DOJ and relevant government agencies to tighten regulations on bulk data transfers to “countries of concern.” In late February, President Biden issued...more
The only thing truly certain about the proposed U.S. outbound investment regulatory regime is that a lot of uncertainty remains. But industry responses garnered during the comment period may, at least partly, foretell the...more
CYBERSECURITY - CISA, FBI + MS-ISAC Issue Warning on Phobos Ransomware - To help organizations protect against ransomware, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a...more
CYBERSECURITY CISA- FBI + MS-ISAC Issue Warning on Phobos Ransomware- To help organizations protect against ransomware, CISA, the FBI, and the Multi-State Information Sharing and Analysis Center (MS-ISAC) released a...more
On February 28, 2024, President Joe Biden issued Executive Order (“EO”) 14117, empowering the Department of Justice (DOJ) to regulate the export of certain consumer data, in order to prevent certain countries’ governments...more
On October 19, 2023, the Consumer Financial Protection Bureau (CFPB) issued an advance notice of proposed rulemaking (ANPR) with respect to a new consumer financial data portability rule mandated by Section 1033 of the...more
Welcome to Holland & Knight's monthly data privacy and security news update that includes the latest in policy, regulatory updates and other significant developments. ...more
On December 29, 2022, President Biden signed a new statute that will significantly impact medical device cybersecurity regulation. Section 3305 of the Consolidated Appropriations Act of 2023 (“Section 3305”) authorizes the...more
On January 18, 2023, the National Telecommunications and Information Administration (NTIA) released a Privacy, Equity, and Civil Rights Request for Comment (RFC), which is “intended to examine the persistence of...more
On November 1, 2022, the Federal Trade Commission (FTC) hosted PrivacyCon 2022, its seventh annual conference in which the Commission looks to academics and researchers to inform its efforts to address emerging consumer...more
Roughly two weeks apart, on July 21, 2022 and August 5, 2022, respectively, Amazon made headlines for agreeing to acquire One Medical, “a human-centered and technology-powered primary care organization,” for approximately...more
In August, the FTC launched a groundbreaking privacy and security rulemaking under the FTC Act with an extensive Advanced Notice of Proposed Rulemaking (ANPR) that asks a wide range of questions. The ANPR has generated...more