Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.
To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:
Privacy and Cybersecurity Activities
- On January 5, the Consumer Financial Protection Bureau (CFPB) released a report, discussing changes in complaint responses provided by nationwide consumer reporting companies, which the CFPB concluded resulted in fewer meaningful responses and less consumer relief. For more information, click here.
- On January 5, the Federal Trade Commission (FTC) announced that it settled an alleged small business financing scheme with two defendants. The defendants will be permanently banned from the merchant cash advance and debt collection industries, and they must pay $675,000 to settle FTC charges that they used deceptive and illegal means to seize assets from small businesses, nonprofits, and religious organizations. For more information, click here.
- In May 2020, the FTC charged a payday lending enterprise with deceptively overcharging consumers millions of dollars and withdrawing money repeatedly from consumers’ bank accounts without their permission. A federal court entered a temporary restraining order, halting the operation and freezing the defendants’ assets at the FTC’s request. For more information, click here.
- On January 7, Maryland Attorney General Brian Frosh co-led an amicus brief filing “to protect employees and consumers from corporate gamesmanship” in a case before the U.S. Supreme Court. In a press release, Attorney General Frosh stated they wanted to ensure “companies cannot seek two bites at the apple by strategically defending cases in court for months — sometimes dragging them out for years in an effort to drain plaintiffs’ resources — then seek arbitration if their court strategy is unsuccessful.” For more information, click here.
- On January 5, New York Attorney General Letitia James issued a press release, announcing “the results of a sweeping investigation into ‘credential stuffing’ that discovered more than 1.1 million online accounts compromised in cyberattacks at 17 well-known companies.” Attorney General James urged companies to take steps to protect their customers’ information, stating: “Businesses have the responsibility to take appropriate action to protect their customers’ online accounts and this guide lays out critical safeguards companies can use in the fight against credential stuffing. We must do everything we can to protect consumers’ personal information and their privacy.” For more information, click here.
- On January 1, Maryland House Bill 565 went into effect. Among other provisions, this bill (1) requires hospitals to submit their policies governing collection of medical debts from patients to the Health Services Cost Review Commission; and (2) prohibits certain collection activities against patients. For more information, click here.
- On December 29, 2021, a California appellate court ruled that bail bond premium financing agreements are consumer credit contracts. As a result, cosigners must receive a notice that warns of the potential consequences of acting as a cosigner under the California Unfair Competition Law. For more information, click here.
Privacy and Cybersecurity Activities:
- On January 6, the New York Privacy Act was reintroduced in the New York State Senate. During last year’s session, this bill made headlines as the first comprehensive privacy law to advance out of committee from the New York State Legislature. This legislation could have a significant impact as it includes broad scoping language and requires opt-in consent for a wide range of data processing activities. Furthermore, unlike the privacy laws adopted in Virginia, Colorado, and California, the New York Privacy Act includes a private right of action in addition to other enforcement mechanisms. Due to this private right of action, businesses that have engaged in significant COVID-19-related data collection activities could face increased litigation risks. On January 7, an identical bill was reintroduced in the New York State Assembly. For more information on the Senate bill, click here, and for more information on the Assembly bill, click here.