Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • Pennsylvania amends privacy bill

    Privacy, Cyber Risk & Data Security

    On November 3, the Pennsylvania governor signed SB 696 to amend the Breach of Personal Information Notification Act. The bill, among other things, prohibits employees of the Commonwealth from using non-secured Internet connections. The bill also includes data storage policy provisions, which establish that an entity that maintains, stores, or manages computerized data on behalf of Pennsylvania that constitutes personal information must develop a policy to govern reasonably proper storage of the personal information. The bill further notes that a goal of the policy must be to reduce the risk of future breaches of the security of the system. The bill is effective 180 days after approval by the governor.

    Privacy, Cyber Risk & Data Security State Issues State Legislation Pennsylvania Data Breach

  • New York prohibits agencies from assessing additional student debt charges

    State Issues

    On October 12, the New York governor signed S7862B, which prohibits state agencies from assessing certain additional collection fee charges on certain outstanding student debts. According to the bill, no state agency is permitted to assess an additional collection fee charge on any debt “owed by a debtor to a state agency for a liability resulting from tuition, fees, room and board, educational benefit overpayments, student loans, or other such charges incurred by a student in furtherance of such student's education,” under certain circumstances. The act is effective April 1, 2023.

    State Issues State Legislation New York Student Lending

  • California amends certain debt collector licensing provisions

    On September 27, the California governor signed AB 156, which, among other things, amends various provisions of the Debt Collection Licensing Act to allow any debt collector that submits an application to the commissioner of the Department of Financial Protection and Innovation before January 1, 2023, to operate pending the approval or denial of the application. The amendments also authorize the commissioner to issue a conditional license pending the receipt and review of fingerprints and related information. Additional provisions state that a conditional license will expire under certain conditions, including the issuance of an unconditional license. The amendments also grant the commissioner authorization to deem an application abandoned. The amendments take effect January 1, 2023.

    Licensing State Issues State Legislation California DFPI Debt Collection Debt Collection Licensing Act

  • California amends protections for servicemembers and veterans

    State Issues

    On September 27, the California governor signed SB 1311 to enact the Military and Veteran Consumer Protection Act of 2022. The Act updates several provisions related to servicemembers and veterans, including amending existing law to provide that a person will be liable for an additional civil penalty of up to $2,500 for each violation if the person engages in “unfair competition, including any unlawful, unfair, or fraudulent business act or practice and unfair, deceptive, untrue, or misleading advertising,” against one or more servicemembers or veterans. Additionally, the Act amends certain provisions related to enforcement of the federal Military Lending Act (MLA). Specifically, the bill makes “any security interest in personal property other than a motor vehicle, off-highway vehicle, trailer, or aircraft void if it would cause a loan procured by specified service members in the course of purchasing the personal property to be exempt from the [MLA].” The Act also makes “any security interest in a motor vehicle void if it would cause a loan procured by specified service members in the course of purchasing the motor vehicle to be exempt from the [MLA] and the loan also funds the purchase of a credit insurance product or credit-related ancillary product.” The Act takes effect January 1, 2023.

    State Issues State Legislation California Military Lending Act Servicemembers Consumer Finance

  • DC passes debt collection bill

    State Issues

    On September 23, the District of Columbia mayor signed B24-0357, which updates the District’s collection laws by expanding protections to cover most consumer debt, in addition to strengthening existing protections for DC consumers. Among other things, the bill: (i) prohibits deceptive behavior from debt collectors, such as making threats; (ii) clarifies that no one can be jailed for failing to pay a debt; (iii) prohibits debt collectors from communicating any information regarding a person’s debt to employers or family members; and (vi) clarifies that debt buyers are required to follow all laws applicable to debt collectors. The law is currently effective.

    State Issues State Legislation District of Columbia Debt Collection Debt Buyer Consumer Finance

  • California updates mortgage licensing requirements

    State Issues

    On September 23, the California governor signed SB 1495. The bill, among other things (i) updates requirements that the assurances required as a condition of license renewal would be that the licensee had, during the preceding 2-year period, informed themselves of those developments; (ii) expands the scope of the crime of perjury, thereby imposing a state-mandated local program; (iii) refers to the Nationwide Mortgage Licensing System and Registry in the provisions of the Real Estate Law as the “Nationwide Multistate Licensing System and Registry”’; and (iv) for real estate broker license applicants, moves the component on state and federal fair housing laws to the real estate practice course instead of the legal aspects of real estate course, and delays the revision to the real estate practice course until 2024. The bill also updates definitions of “SAFE Act,” and “mortgage loan originator.” The bill is effective January 1, 2023.

    State Issues Licensing California State Legislation

  • California passes UDAAP legislation

    State Issues

    On September 15, the California governor signed AB 1904, which amends Section 1770 of the Civil Code relating to financial institutions and addresses certain provisions under the Consumers Legal Remedies Act. Among other things, the bill prohibits a covered person or a service provider from engaging in unlawful, unfair, deceptive, or abusive acts or practices regarding consumer financial products or services, such as, among other things: (i) misrepresenting the source, sponsorship, approval, or certification; (ii) using deceptive representations of geographic origin; (iii) representing that goods are original or new if they have deteriorated unreasonably or are altered; (iv) advertising goods or services with the intent not to sell them as advertised; and (v) making false or misleading statements of fact concerning reasons for, existence of, or amounts of, price reductions. The bill authorizes the California Department of Financial Protection and Innovation to bring a civil action for a violation of the law. The bill would also make unlawful the failure to include certain information, including a prescribed disclosure, in a solicitation by a covered person, or an entity acting on behalf of a covered person, to a consumer for a consumer financial product or service.

    State Issues State Legislation California UDAAP DFPI State Regulators

  • New York expands access to PSLF program

    State Issues

    On September 15, the New York governor signed S.8389-C/A. 9523-B , which amends the Public Service Loan Forgiveness (PSFL) program statewide. Among other things, the legislation: (i) adds clarifying legal definitions, such as “certifying employment,” “employee,” “full-time,” “public service employer,” “public service loan forgiveness form,” and “public service loan forgiveness program”; (ii) establishes a standard hourly threshold for full-time employment at thirty hours per week for the purposes of accessing PSLF; and (iii) permits public service employers to certify employment on behalf of individuals or groups of employees directly with the U.S. Department of Education. The legislation is effective immediately.

    State Issues New York State Legislation Student Lending PSLF Department of Education Consumer Finance

  • California amends GAP disclosure legislation

    State Issues

    On September 13, the California governor signed AB 2311, which amends provisions regarding vehicle finance disclosures. The bill establishes provisions to govern the offer, sale, provision, or administration, in connection with a conditional sale contract, of a guaranteed asset protection waiver (GAP waiver). Specifically, the bill requires creditors to automatically refund the unearned portion of a GAP waiver if a consumer pays off or otherwise terminates their auto loan early. The bill prohibits: (i) conditioning the extension of credit, the term of credit, or the terms of a conditional sale contract upon the purchase of a GAP waiver; and (ii) the sale of a GAP waiver pursuant to certain provisions where the loan-to-value ratio exceeds the maximum loan-to-value ratio of the GAP waiver. The bill, among other things, authorizes the buyer to recover three times the amount of any GAP charges paid. The bill is effective January 1, 2023.

    State Issues State Legislation California Auto Finance Disclosures GAP Waivers GAP Fees Consumer Finance

  • California adopts “first-in-nation” act to safeguard children’s online data and privacy

    Privacy, Cyber Risk & Data Security

    On September 15, the California governor signed into law the California Age-Appropriate Design Code Act (the Act), calling it the “first-in-nation” bill to protect children’s online data and privacy. AB 2273 establishes new legal requirements for businesses that provide online products and services that are “likely to be accessed by children” under 18 years of age based on certain factors. These factors include whether the feature is: (i) “directed to children,” as defined by the Children’s Online Privacy Protection Act (COPPA); (ii) “determined, based on competent and reliable evidence regarding audience composition, to be routinely accessed by a significant number of children”; (iii) advertised to children; (iv) is substantially similar to, or the same as, an online service, product, or feature routinely accessed by a significant number of children; (v) designed to appeal to children; or (vi) determined to be, based on internal company research, significantly accessed by children. Notably, in contrast to COPPA, the Act more broadly defines “child” as a consumer who is under the age of 18 (COPPA defines “child” as an individual under 13 years of age).

    The Act also outlines specific requirements for covered businesses, including:

    • Businesses must configure all default privacy settings offered by the online service, product, or feature to one that offers a high level of privacy, “unless the business can demonstrate a compelling reason that a different setting is in the best interests of children”;
    • Businesses must “concisely” and “prominently” provide clear privacy information, terms of service, policies, and community standards suited to the age of the children likely to access the online service, product, or feature;
    • Prior to offering any new online services, products, or features that are likely to be accessed by children before July 1, 2024, businesses must complete a Data Protection Impact Assessment (DPIA) on or before the same date. Businesses must also document any “risk of material detriment to children” that arises from the DPIA, create a mitigation plan, and, upon written request, provide the DPIA to the state attorney general;
    • Businesses must “[e]stimate the age of child users with a reasonable level of certainty appropriate to the risks that arise from the data management practices of the business or apply the privacy and data protections afforded to children to all consumers”;
    • Should an online service, product, or feature allow a child’s parent, guardian, or any other consumer to monitor the child’s online activity or track the child’s location, businesses must provide an obvious signal to the child when the child is being monitored or tracked;
    • Businesses must “[e]nforce published terms, policies and community standards established by the business, including, but not limited to, privacy policies and those concerning children”; and
    • Businesses must provide prominent, accessible, and responsive tools to help children (or their parents/guardians) exercise their privacy rights and report concerns.

    Additionally, covered businesses are prohibited from using a child’s personal information (i) in a way that the business knows, or has reason to know, is materially detrimental to a child’s physical health, mental health, or well-being; or (ii) for any reason other than a reason for which the personal information was collected, unless a business can show a compelling reason that using the personal information is in the “best interests of children.” The Act also places restrictions on profiling, collecting, selling, or sharing children’s geolocation data, or using dark patterns to encourage children to provide personal information beyond what is reasonably expected.

    The Act also establishes the California Children’s Data Protection Working Group, which will study and report to the legislature best practices for implementing the Act, and will also, among other things, evaluate ways to leverage the expertise of the California Privacy Protection Agency in the long-term development of data privacy policies that affect the privacy, rights, and safety of children online. The state attorney general is tasked with enforcing the Act and may seek an injunction or civil penalty against any business that violates its provisions. Violators may be subject to a penalty of up to $2,500 per affected child for each negligent violation, and up to $7,500 per affected child for each intentional violation; however, businesses may be provided a 90-day cure period if they have achieved “substantial compliance” with the Act’s assessment and mitigation requirements.

    The Act takes effect July 1, 2024.

    Privacy, Cyber Risk & Data Security State Issues State Legislation Consumer Protection California COPPA CPPA State Attorney General Enforcement

Pages

Upcoming Events