Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.
To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:
Privacy and Cybersecurity Activities
- On January 21, Federal Trade Commission (FTC) announced that it will mark 2022’s Identity Theft Awareness Week (January 31-February 4) with a series of free events focused on trending issues in identity theft, including how to reduce the risk of identity theft and recovery if it occurs. For more information, click here.
- On January 20, the FTC issued an advisory opinion, stating that the Holder Rule does not prevent a plaintiff from recovering attorneys’ fees and costs against a “loan holder,” where another state, local, or federal law permits the recovery as some courts have incorrectly concluded. The FTC issued the Holder Rule to allow consumers to bring any legal claims against the “holder” of a retail installment sales contract or other credit contract that it could assert against the original seller of the good or service, even if the claim springs from the seller’s misconduct alone. For more information, click here.
- On January 20, the Consumer Financial Protection Bureau (CFPB) announced it will begin examining the operations of post-secondary schools, such as for-profit colleges, that extend private loans directly to students. The CFPB also issued an update to its exam procedures, including a new section on institutional student loans. As the CFPB begins its supervision, the exam procedures inform industry about practices that CFPB examiners will review, including placing enrollment restrictions, withholding transcripts, improperly accelerating payments, failing to issue refunds, and maintaining improper lending relationships. For more information, click here.
- On January 19, the FTC ordered more than 20 marketers nationwide to immediately stop making baseless claims that their products and supposed therapies can treat or prevent COVID-19. In cease-and-desist demands sent to these marketers, the agency noted that violators could be hit with monetary penalties under the COVID-19 Consumer Protection Act passed by Congress last year. For more information, click here.
- On January 14, the CFPB announced that it adjusted for inflation the maximum amount of each civil penalty within its jurisdiction. These adjustments are required by the Federal Civil Penalties Inflation Adjustment Act of 1990, as amended by the Debt Collection Improvement Act of 1996 and further amended by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015. For more information, click here.
- On January 21, North Carolina Attorney General Josh Stein issued a press release, announcing wins in three price gouging lawsuits. “It doesn’t matter the type of crisis — a pandemic, a storm, a gas pipeline shutdown — it’s illegal to try to make a quick buck by taking advantage of North Carolinians’ desperation,” said Attorney General Stein. Per the press release, “North Carolina’s price gouging law is currently in effect related to both the coronavirus pandemic and winter storms.” For more information, click here.
- On January 20, Virginia Attorney General Jason Miyares joined a 27-state letter, asking Occupational Safety and Health Administration (OSHA) to withdraw its COVID-19 vaccine mandate for large employers. Per the attorney general’s press release, the “letter follows a 6-3 decision by the U.S. Supreme Court last week, which temporarily halted the Biden Administration’s OSHA vaccine mandate in response to a legal challenge brought by other state attorneys general in addition to trade groups, nonprofits, and private businesses.” Attorney General Miyares stated, “The Supreme Court was clear — the federal government does not have the authority to force Virginians to choose between their jobs and the vaccine.” For more information, click here.
- On January 18, North Carolina Attorney General Josh Stein released an annual report, listing the top 10 consumer complaints North Carolina residents filed with the North Carolina Department of Justice. The top three complaints for 2021 covered (1) telemarketing/robocalls; (2) utilities; and (3) credit cards. For more information, click here.
- On January 10, the Connecticut Department of Banking revoked a collection agency’s license to collect in the state, while also issuing an order to cease and desist from not cooperating with the regulator and assessing a fine of $100,000 for failing to provide information requested as part of an examination of the agency. For more information, click here.
Privacy and Cybersecurity Activities:
- On January 18, the U.S. Department of Health and Human Services published the “Trusted Exchange Framework” and the “Common Agreement” (collectively “TEFCA) for health information networks. The framework provides “a set of non-binding but foundational principles for health information exchange,” and the Common Agreement “is a contract that advances those principles.” TEFCA will enable participating entities to more easily “engage in health information exchange across the country,” which includes pandemic-related health data. Data privacy and security requirements are major components of TEFCA. For example, the Common Agreement requires that entities providing individuals with access to their personal health information “make publicly available a written privacy and security notice” that is “accessible and current at all times” and is “written in plain language.” For more information, click here.
- On January 17, Mississippi Senator Angela Turner-Ford introduced the Mississippi Consumer Data Privacy Act (MCDPA). This comprehensive data privacy law closely resembles the California Consumer Privacy Act (CCPA) and would take effect on July 1, 2023. Similarities include the requirements that businesses engaging in data sales provide an opt-out for such sales and post a “Do Not Sell My Personal Information” button on their website. Unlike the CCPA, the MCDPA does include a private right of action for consumers. Over a dozen other privacy bills have been introduced in state legislatures this year. For more information on the MCDPA, click here.