InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Arizona attorney general requests financial assistance for Arizona consumers
On March 19, Arizona’s attorney general issued a request for financial and lending institutions to provide temporary relief to their Arizona customers. The governor’s requests for institutions included taking the following actions for at least 90 days: (ii) forbearing or deferring payments on mortgages, automobile loans, and consumer loans; (ii) postponing foreclosures and evictions; (iii) ceasing automobile repossessions; (iv) waiving late fees and default interest for late payments; and (v) halting negative credit reporting.
Colorado attorney general requests pause of debt collection efforts
On March 18, the Colorado attorney general released a statement urging student loan servicers, creditors, and debt collectors to discontinue mandatory debt collection efforts for consumers who experience financial distress due to Covid-19. The statement further encourages these providers to work proactively to assist such consumers, and states that the attorney general’s office will “continue to evaluate and investigate relevant legal avenues” to protect borrowers during the crisis.
California AG releases second set of modified proposed CCPA regulations
On March 11, the California attorney general released a second set of draft modifications to the proposed regulations implementing the California Consumer Privacy Act (CCPA). These modifications follow the initial proposed regulations published last October and the first set of draft modifications published last month (covered by Buckley Special Alerts here and here). According to a notice issued by the California Department of Justice, these changes are in response to roughly 100 comments received by the Department to the proposed February modifications and are intended “to clarify and conform the proposed regulations to existing law.”
Key modifications are as follows:
- Personal Information. In the February modifications, a section was added to provide guidance regarding the interpretation of CCPA definitions and specifically defined the term “personal information” and provided an example of when IP addresses were not considered “personal information.” In the recent modifications, the Attorney General (AG) struck this section of the regulations.
- Indirectly Receiving Personal Information. The modifications clarify that a business that does not collect personal information directly from a consumer is not required to provide a consumer with a notice at collection if it does not sell the consumer’s personal information.
- Notice at Collection for Employees. The modifications clarify that the notice at collection of employment-related information is not required to include a link to the business’s privacy policy.
- “Opt-Out Button” Button. The modifications strike a provision that previously provided a model for the opt-out button that companies could include on their websites as an additional way for consumers to opt out of selling their information, as well as information about when the button should be used.
- Privacy Policy. The privacy policy section appears to have been updated to further align with the CCPA. In addition to the currently proposed disclosure requirements, the modifications provide that privacy policies also identify: (i) the categories of sources from which personal information is collected, and describe these categories in such a way that allows consumers to meaningfully understand the information being collected; and (ii) all business or commercial purposes for collecting or sending consumers’ personal information, and describe the purposes in a way that allows consumers to meaningfully understand why the information is collected and sold. Further, if a “business has actual knowledge that it sells the personal information of minors under 16 years of age,” it must provide a description of the processes as required by sections 999.330 and 999.331, which outline special rules regarding minors.
- Responding to Requests to Know. While the regulations have made clear that there are certain types of data that a business must never disclose in response to a request to know, such as Social Security number, driver’s license or government ID number, biometric data, etc., the modifications clarify that when responding to a request to know, businesses must inform consumers “with sufficient particularity” that they have collected that type of information. The modifications provide the following example – the business must respond that it collects “unique biometric data including a fingerprint scan” without disclosing the actual fingerprint scan data.
- Responding to Requests to Delete. The modifications provide that if a business denies a consumer’s request to delete, the business sells personal information, and the consumer has not already made a request to opt out of the sale, then the business must ask the consumer if he/she would like to opt out and include either the contents of, or a link to, the notice of right to opt-out.
- Service Providers. The modifications clarify that a service provider may not retain, use, or disclose personal information obtained while providing services unless the information is used to “process or maintain personal information on behalf of the business that provided the personal information, or that directed the service provider to collect the personal information” and complies with the CCPA’s requirements for a written contract for services. The modifications also add that while the service provider may use the personal information to build or improve the quality of it services, it may not build or modify household or consumer profiles to use in providing services to another business.
- Training: Record-Keeping. The modifications clarify that information retained for record-keeping purposes may not be shared with third parties “except as necessary to comply with a legal obligation.”
- Authorized Agent. The modifications clarify that businesses shall not require consumers, or a consumer’s authorized agent, to pay a fee to verify requests to know or to delete.
- Calculating the Value of Consumer Data. The modifications provide that for the purpose of calculating the value of consumer data, a business may consider the value of the data of all natural persons in the United States and not just consumers.
Comments on the second set of proposed modifications are due by March 27. As a reminder, the CCPA became effective January 1.
Massachusetts AG fines auto dealer $1.5 million for predatory lending
On March 9, the Massachusetts attorney general announced a consent judgment to resolve a 2017 lawsuit brought against an auto dealership and its in-house lender alleging that the dealership misled consumers into purchasing unfavorable sale packages in violation of Massachusetts’ consumer protection law. As previously covered by InfoBytes, the complaint alleged that more than half of the auto dealer’s sales failed or ended in repossession due to misleading sales practices, predatory lending, and faulty underwriting. The consent judgment follows a January court decision awarding summary judgment in favor of the AG’s office. According to the AG’s press release, the auto dealer agreed to provide monetary and injunctive relief to resolve the entirety of the lawsuit’s allegations. The relief includes (i) paying $1.5 million, half of which will go towards reducing ongoing payments on active loans for consumers who purchased cars prior to 2018; (ii) providing eligible consumers who had their vehicles repossessed the option to cancel outstanding debts and repair their credit from the repossession; (iii) improving business practices to ensure provision of fair disclosures and enhanced repair services; and (iv) developing a structured process for handling consumer complaints received by the AG.
California AG says federal privacy legislation should not include preemption
On February 25, California Attorney General Xavier Becerra sent a letter to the chairmen and ranking members of the Senate Committee on Commerce, Science and Transportation and the House Committee on Energy and Commerce, asking lawmakers to not preempt state laws as they draft federal privacy legislation. While Becerra expressed his appreciation for Congress’ efforts to address consumer privacy issues through legislation, he stated, “I encourage Congress to favor legislation that sets a federal privacy-protection floor rather than a ceiling, allowing my state—and others that may follow—the opportunity to provide further protections tailored to our residents.” To emphasize his position, Becerra provided an update on the California Consumer Privacy Act (CCPA), which confers significant new privacy rights to California consumers concerning the collection, use, disclosure, and sale of their personal information by covered businesses, service providers, and third parties. The CCPA took effect January 1 but will not be enforced until July 1 following promulgation of the attorney general’s CCPA regulations. (See continuing InfoBytes coverage on the CCPA here.)
Becerra outlined several criteria for Congress to consider when drafting privacy legislation, encouraging Congress to “develop a final bill that builds on the rights afforded by [the] CCPA” as well as the additional guidance within the proposed regulations. These include the right for consumers to (i) “access, correct, and delete personal information that has been collected”; (ii) “minimize data collection, processing, and retention”; (iii) “data portability among services”; and (iv) “know what data is collected and processed and for what reasons.” In addition, Becerra stated that Congress should make clear that state attorneys general have “parallel enforcement authority” and that consumers are granted a private right of action to protect their rights.
Maryland orders vehicle title lender to pay $2.2 million
On February 21, the Maryland attorney general announced the issuance of a final order against a vehicle title lender, its owner, and related businesses (defendants) for making unlicensed and usurious consumer loans in violation of the Maryland Consumer Protection Act. According to the AG’s Consumer Protection Division (Division), the defendants offered consumers short-term, high-interest loans secured by a consumer’s motor vehicle title. The defendants allegedly kept the vehicle’s title, and, if the consumer failed to make a payment on the loan, would repossess or sell the vehicle. The Division claimed that these transactions, which the defendants claimed were pawn transactions, were actually consumer loans under Maryland law and carried interest rates of 360 percent. Under the terms of the final order, all loans the defendants made to Maryland consumers are void and unenforceable. The defendants are also ordered to, among other things, permanently cease engaging in unlicensed lending activities in the state and may not make loans that exceed the maximum allowed rate of interest, charge fees that are not permitted under state law, repossess secured vehicles or other personal property, or operate without requisite surety bonds. In addition, the defendants may not repossess consumers’ vehicles and must return any repossessed vehicles still in their possession. Finally, the defendants must pay at least $2.2 million in restitution to affected consumers, a $1.2 million civil penalty, a $50,000 claims procedure fee, and $73,000 in costs.
FTC, New York settle with debt collection schemer
On February 25, the FTC and the New York attorney general announced a settlement with an individual defendant who controlled a New York-based debt collection operation for allegedly violating the FTC Act, the FDCPA, and New York state law by using false or deceptive tactics to collect money from consumers. As previously covered by InfoBytes, the FTC and the New York AG filed a complaint against the operation in 2018, alleging that operation employees threatened consumers with arrest or lawsuits and sometimes falsely posed as law enforcement officials or attorneys. In addition, the FTC and New York AG claimed employees allegedly increased pressure on consumers by telling them they owed more than indicated in the operation’s records, using forms that showed both the actual balance owed by the consumer as well as a higher balance the collectors claimed the consumers owed—a practice known as “overbiffing.” Under the terms of the settlement, the defendant—who neither admitted nor denied the allegations—is permanently banned from participating in debt collection activities and “is prohibited from misleading consumers about any financial-related products” or services. The settlement also imposed a $1.7 million judgment, of which all but $30,000 is suspended due to the defendant’s inability to pay.
CFPB, South Carolina, and Arkansas file charges in pension-advance scheme
On February 20, the CFPB, the South Carolina Department of Consumer Affairs, and the Arkansas attorney general filed a complaint in the U.S. District Court for the District of South Carolina against a South Carolina-based company and two of its managing partners (defendants) for allegedly violating the Consumer Financial Protection Act and the South Carolina Consumer Protection Code by working with a series of broker companies that brokered contracts offering high-interest credit to disabled veterans and other consumers in exchange for the assignment of some of the consumers’ unpaid earnings, monthly pensions, or disability payments. Under federal law, agreements under which a person acquires the right to receive a veteran’s pension or disability payment are void, and South Carolina law—which governs these contracts—“prohibits sales of unpaid earnings and prohibits assignments of pensions as security on payment of a debt.”
The complaint alleges that the defendants substantially assisted broker companies that allegedly engaged in deceptive and unfair acts or practices through the marketing and administration of high-interest credit. (Covered by InfoBytes here.) The defendants’ alleged actions include: (i) “developing a pre-approval or risk-assessment process for the contracts and conducting underwriting”; (ii) “approving or denying consumers’ applications to enter into the transactions”; (iii) “directing and administering the execution of the contracts”; (iv) “serving as the payment processor for the initial lump-sum payment and fees”; and (v) “continuing to serve as the transactions’ payment processor, tracking and controlling the collection and distribution of consumers’ payments on the contracts.” In addition, the Bureau alleges, among other things, that the defendants provided substantial assistance to the broker companies’ deceptive misrepresentations that consumers could be subjected to criminal prosecution if they breached their contracts. In addition, the defendants also allegedly collected on contracts brokered by the broker companies that were void from inception “by initiating ACH debts to take payments from consumers’ bank accounts,” demanding payments through letters and other communications, and filing suit against consumers who failed to make payments.
The complaint seeks injunctive relief, restitution, damages, disgorgement, and civil money penalties.
New York AG settles with student debt relief companies
On February 18, the U.S. District Court for the Southern District of New York approved a settlement between the State of New York and a student loan debt relief operation including five debt relief companies and one individual (defendants) in order to resolve allegations that the defendants violated the Telemarketing Sales Rule, the Federal Credit Repair Organizations Act, TILA, state usury laws, and various other state laws. As previously covered by InfoBytes, the New York attorney general brought the lawsuit in 2018 alleging that the defendants “engag[ed] in deceptive, fraudulent and illegal conduct…through their marketing, offering for sale, selling and financing” of debt relief services to student loan borrowers. The AG claimed that, among other things, the defendants allegedly (i) charged consumers who purchased the debt relief services illegal upfront fees; (ii) misrepresented that they were part of or working with the federal government; (iii) falsely claimed that fees paid by borrowers would be applied to borrowers’ student loan balances; and (iv) induced borrowers to enter into usurious financing contracts to pay for the debt relief services.
Under the terms of the agreement, the defendants—without admitting or denying the allegations—agreed to a judgment of $2.2 million, which will be suspended if the defendants promptly pay $50,000 to the State of New York and comply with all other provisions of the agreement. The defendants are also permanently banned from advertising, marketing, promoting, offering for sale, or selling any type of debt relief product or service—or from assisting others in doing the same. Additionally, the defendants must request that any credit reporting agency to which the defendants reported consumer information in connection with the student loan debt relief services remove the information from those consumers’ credit files. The defendants also agreed not to sell, transfer, or benefit from the personal information collected from borrowers. According to the settlement, six additional defendants were not included in the agreement and the AG’s case against them continues.
Special Alert: California attorney general modifies proposed CCPA regulations
The California attorney general last week released modifications to the proposed regulations announced last October (covered by a Buckley Special Alert) implementing the California Consumer Privacy Act (CCPA). The CCPA—enacted in June 2018 (also covered by a Buckley Special Alert) and amended several times—became effective Jan. 1.
This Special Alert contains a summary of key modifications to the proposed regulations.* * *
Click here to read the full special alert.
If you have any questions regarding the CCPA or other related issues, please visit our Privacy, Cyber Risk & Data Security practice page or contact a Buckley attorney with whom you have worked in the past.