Chris Carlson is an associate in Troutman Sanders’ Business Litigation Group and Government Investigations, Compliance, and Enforcement Section. Chris’ practice focuses on representing clients involved in regulatory, civil, and criminal investigations and litigation. Chris also represents clients interacting with and being investigated by state Attorneys General.
Continue Reading Christopher Carlson

If you use the internet, you have probably encountered at least one of the scams con artists use to bilk victims. There’s “catfishing” and other online dating fraud, where scammers use fake identities to woo victims into sending money. There’s also “grandparent scams,” where typically elderly victims are tricked by those posing as his or her grandchild into sending money for a faux emergency. Cryptocurrency’s recent rise in popularity has seen fraudsters put a twist on the old scams and come up with a new one: cryptocurrency investment schemes. And the Federal Trade Commission and state AGs are taking steps to put the public on notice and minimize consumer harm on this new twist.

Crypto Scams

The North Dakota attorney general’s office indicated that state citizens have fallen for traditional scams, including romance and grandparent scams, but victims are asked to pay in cryptocurrency, such as bitcoin, instead with fiat currency.[1] Three Michigan regulators — the attorney general, Department of Licensing and Regulatory Affairs, and Department of Insurance and Financial Services — have jointly sounded the alarm urging consumers to protect themselves when using (or investing in) cryptocurrency.[2]

Beyond the traditional schemes that prey on the most vulnerable, the cryptocurrency investment schemes have targeted unsuspecting individuals and sophisticated investors alike. Some fraudsters make “initial coin offerings” (ICOs) that function much like a corporation’s initial public offering. Instead of stock, however, scammers offer the public digital tokens, claiming they will use the funds to build the latest and greatest cryptocurrency. Unfortunately for victims, however, offerors sometimes take investor money only to disappear without a trace.

These crypto investment scams have been aided by conditions ripe for fraud: cryptocurrencies’ impressive increase in value[3], a lack of regulation, and one of crypto’s defining features — anonymity.

The Harms Caused

Scammers have perpetrated cryptocurrency fraud at an impressive scale. According to the Federal Trade Commission’s latest report,[4] victims lost more than $80 million from October 2020 to March 2021 alone. While traditional internet scams have targeted the elderly or lonely bachelors and bachelorettes, the victims of cryptocurrency investment schemes have primarily been men and women in their 20s and 30s. One hypothesis for the disparity is older groups’ inherent mistrust of digital currency, while younger age groups, who grew up alongside technology’s repaid advances, are more likely to view cryptocurrencies as a prudent investment.

Our Take

State and federal consumer protection agencies are focused on the risks created by cryptocurrencies. For companies involved in this space, we recommend taking proactive steps to reduce the risk of a government-led investigation — given that, even here, an ounce of prevention is worth a pound of cure.

[1] See

[2] See,4534,7-359-92297_47203-562264–m_2017_1,00.html.

[3] From October 2020 to March 2021, the price of bitcoin surged 450% to nearly $59,000, while dogecoin surged 933% in the same period.

[4] This spotlight is based on reports from consumers to the FTC or to any Consumer Sentinel Network data contributor.

Bob Ferguson, the attorney general of Washington, has released his 2021 legislative agenda. The requested legislation includes a bill that would self-impose notice requirements to Washington tribes before initiating a project or program that would implicate tribal rights. The legislation “requires that the Attorney General obtain free, prior, and informed consent before initiating programs or projects, under his or independent authority, that affect tribes, tribal rights, and tribal lands.”

In the release announcing the proposed regulation, Attorney General Bob Ferguson stated:

“In furtherance of strengthening partnerships between Indian tribes and my office, I am introducing legislation requiring my office to achieve free, prior and informed consent before initiating a project or program that directly and tangibly affects Indian tribes, rights, tribal lands and sacred sites. This will ensure that it is a policy that will remain in effect, regardless of who the Attorney General is in the future.”

In terms of the practical effect of the legislation, the Washington “Attorney General’s Office must refrain from filing any litigation against a tribal government or tribal-owned business without first engaging in meaningful consultation to resolve the dispute, provided that doing so does not violate the rules of professional conduct.” The bill would go into effect on July 1, 2022, and in addition to the notice and consent requirements, would direct the attorney general to host an annual meeting with all tribes located in Washington with the goal of “ensuring strong government-to-government relationships, promoting and sustaining greater communication, and identifying opportunities to collaborate on areas of mutual interest.”

Senate Bill 5298 is supported by the tribes with Lower Elwha Klallam Chairwoman Frances Charles stating, “Attorney General Ferguson made a meaningful and historic step towards recognizing and honoring the full sovereignty of Washington’s Tribes.”

The bill was introduced by five Democrats on January 20, 2021 and is scheduled for a February 3, 2021 hearing in the Senate Committee on Labor, Commerce & Tribal Affairs. This legislation is important to notions of tribal sovereignty and self-determination for Washington’s 29 federally recognized tribes, but does not request nor require consensus from tribes.

Troutman Pepper will continue to monitor this legislation and further developments in this area.

On January 5, Virginia Attorney General Mark R. Herring announced the creation of a new Office of Civil Rights, which will expand and replace the existing Division of Human Rights within the office of the attorney general. The new division is a prime example of state regulators’ expanded scrutiny of workplace activities occurring nationwide, particularly in light of recent federal rollbacks, for which all businesses must remain cognizant.

The new office will protect Virginians’ civil rights through increased investigative and enforcement capabilities, particularly specialized investigations into LGBTQ and gender-based discrimination, housing discrimination, discrimination in employment and places of public accommodation, and protecting the rights of expectant and new mothers. According to a press release from Attorney General Herring, the new division will also work with the General Assembly to launch legislative civil rights initiatives, including greater protections for disabled Virginians, tools to combat health care discrimination, voter protection, and education equity.

As the new Office of Civil Rights takes shape, Virginia businesses should prepare themselves to articulate and defend their policies regarding civil rights, discrimination, and equal opportunities for employees, customers, tenants, and clients.

Moreover, the expanded capacity of this office (growing from three to 13 staff members) provides opportunities for businesses to obtain clarity — through whitepapers and individual conversations — about the requirements necessary to maintain compliance with Virginia law.

In light of this new delegation within the AG’s office, Virginia businesses — especially fast-growing entities that lack the time or resources to consider the many facets that go into civil rights compliance — may want to take steps to ensure they do not run afoul of state regulators in the commonwealth or nationwide. These include:

  1. To the extent a business may not be in compliance with significant regulations and laws — or to the extent compliance has been a secondary consideration — businesses should work to ensure compliance with all applicable regulations and laws, including those recently passed by the General Assembly. This likely requires a dedicated initiative, including designated personnel capable of interpreting and applying the law.
  2. Businesses should be prepared to answer detailed questions about internal practices. The new Office of Civil Rights has the authority to inquire about any aspect of business practices related to potential discrimination. Initial inquiries may not lead to penalties or even an official investigation, but they must be taken seriously. Businesses should be prepared to provide detailed responses and related documentation if required.
  3. To that end, businesses should maintain excellent records, including documentation of relevant policies and initiatives, a system for documenting complaints, and remediation plans.
  4. Finally, businesses should be proactive in their efforts. The Office of Civil Rights exists to uphold the most essential of laws — those protecting human rights. Businesses should embrace this opportunity to go well beyond compliance and to carefully review their anti-discrimination initiatives. There has never been a better time to proactively address civil rights and discrimination in the business community, and Virginia businesses would benefit greatly from using the Office of Civil Rights’ creation as motivation for introspection and innovation.

With the help of Delegate Charniele Herring, Attorney General Herring also plans to propose legislation in the Virginia General Assembly that would make the Office of Civil Rights a permanent entity within the AG’s office. Democratic majorities in both the Virginia House of Delegates and the Virginia Senate passed several bills in 2020 that expand the AG’s duties, including a ban on income discrimination, amendments to Virginia’s fair housing laws, protections for transgender students, and expanding the definition of hate crimes. The General Assembly also directed the AG’s office to develop recommendations for proactively enforcing provisions of the Code of Virginia requiring equal pay irrespective of sex and race.

The announcement comes as Herring seeks a third term and readies himself to take on a primary challenger later this year in Delegate Jay Jones, who similarly proposed a dedicated civil rights office as part of his campaign. The election results, which may alter the balance of partisan power in both the AG’s office and the Virginia House of Delegates, may have implications for the Office of Civil Rights as well.

On January 18, Alaska Governor Mike Dunleavy appointed Clyde “Ed” Sniffen to be Alaska’s next attorney general, subject to approval by the Alaska legislature. Sniffen has served as acting attorney general since the resignation of Kevin Clarkson in August 2020.

In December 2020, Sniffen was among the state attorneys general who supported an amicus brief filed on behalf of Texas in its challenge to the 2020 presidential election results in the Supreme Court.

Sniffen Background

Sniffen joined the Alaska Department of Law in 2000, focusing initially on antitrust and consumer protection matters as part of the consumer protection unit. He also served as chief assistant attorney general for the Regulatory Affairs Section, representing the public interest before the state’s utility commission, as well as deputy attorney general and chief of staff. Sniffen has a history of working with the Alaska legislature to enact and amend consumer protection and antitrust statutes.

Before joining the Alaska attorney general’s office, Sniffen maintained a private practice in Anchorage that focused on natural resources, environmental, labor and employment, maritime, and utility law.

Sniffen received his B.A. in biology and sociology from the College of Idaho and his J.D. from Willamette University College of Law.

Seven state attorneys general, led by New York Attorney General Letitia James, reached a settlement with Residual Pumpkin Entity LLC (formerly known as CafePress LLC) (“CafePress”), related to a 2019 data security incident, exposing 22 million customer accounts and as many as 186,000 social security and tax identification numbers.


Based on the state attorneys general’s Assurance of Voluntary Compliance, CafePress — an online retailer of customizable apparel, mugs, and other consumer products —– was the victim of a cyberattack on or before February 19, 2019. A third-party security researcher notified CafePress of a potential Structured Query Language (SQL) vulnerability.

SQL comes in many different versions and denotes a language that accesses databases, which website administrators often depend on to execute queries, retrieve data, and update records in online databases. When a website’s web application or plug-in is improperly coded, malicious actors can use SQL to inject their own malicious SQL statements to access information stored in databases.

The third-party security researcher, who notified CafePress of the vulnerability, later demonstrated “in real time using a custom script and listed information he had extracted for 19 accounts in CafePress’ customer databases, which included email addresses, passwords, and, for eight accounts, [s]ocial [s]ecurity or tax identification numbers.”

Initially believing the vulnerability did not result in a breach after checking its logs, patching an update to remediate the vulnerability, and resetting customer passwords, CafePress’ full investigation proved otherwise. CafePress later learned that its users’ personal information was exposed to bad actors when it found personal information for sale on the dark web, including social security and tax identification numbers. By September 2019, CafePress began notifying customers of the incident, starting with those at most risk.

The Assurance Follows Common Security Trends Helpful to All Businesses

The Assurance of Voluntary Compliance, entered into by the seven state attorneys general, spanned seven (7) pages and required CafePress to make the following changes to its business practices:

  • create an information security program with distinct protocols, a timeline for review, the qualifications for the lead employee, and related training requirements for management-level employees;
  • establish an incident response and data breach notification plan with distinct phases for (1) preparation, (2) detection and analysis, (3) containment, (4) eradication, and (5) recovery;
  • prepare a security event report even if the security event does not require data breach notification;
  • establish the following personal information safeguards and controls: (1) encryption, (2) segmentation, (3) penetration testing, (4) risk assessment, (5) password management, (6) logging and monitoring, (7) personal information deletion, and (8) account closure notification; and
  • require biennial security program assessments.

As businesses are unique, all businesses should implement and maintain their own programs to protect personal information collection and storage. Businesses should view the terms above as a guidepost in their own comprehensive information security program. For business leaders unsure if their practices comply with these benchmarks and unsure where to start, read our post discussing ways business leaders could reduce their organizations’ cyber risks.

The Assurance of Voluntary Compliance Demonstrates the Enforcement Capacity of State Attorneys General Data Security Enforcement Divisions

Pulling back the onion demonstrated that the consent judgment has minimal enforceability. Based on the company’s present financial condition, $1,250,000 of the $2,000,000 settlement was suspended. Moreover, PlanetArt LLC, the recent purchaser of CafePress’ assets, was not required to comply with any of the injunctive terms because it does not collect, maintain, or use personal information.

While these decreased monetary penalties and enforcement terms likely reduced the number of participating states to the initial lead states investigating CafePress, the fact that the state attorneys general pushed this matter to settlement, despite thousands of data breaches occurring annually, demonstrated that they will take a case to the finish line in a way previously limited by resource constraints.

Over the past year, states — including ConnecticutNew Jersey, and California — have invested in dedicated consumer privacy and data security enforcement divisions. With this bolstered enforcement capacity, states previously limited in resources may now have the ability to participate in nationwide investigations concerning privacy and security incidents. New York Attorney General Letitia James emphasized this commitment in her CafePress press release when stating, “My office is committed to protecting consumers, which is why we will continue to use every available tool to hold companies accountable when they fail to safeguard personal information.”


In 2021, state attorneys general will continue to bolster their current data security enforcement capacities, with the CafePress resolution demonstrating that companies must take steps to adequately protect personal information. Companies also should implement incident response plans, tested regularly through tabletop exercises, to prepare themselves if a data incident occurs.

Last week, the Washington State Attorney General filed a lawsuit against Convergent Outsourcing, Inc. for sending 75,000 “Settlement Offer” letters to Washington consumers without disclosing that the underlying debt was beyond the statute of limitations. While yet another example of Washington Attorney General Bob Ferguson’s active enforcement of the state’s debt collection laws, the Attorney General’s press release provides broader insights into how state attorneys general are scrutinizing companies and how a business can take proactive steps to mitigate regulatory scrutiny.

“Sophisticated” Companies Will Be Held to Account

While the Washington Attorney General generally warned that “[d]ebt collection companies cannot use deception as a means to get around the law,” he took specific issue with Convergent’s size and capabilities, proclaiming: “I intend to hold this large, sophisticated debt collection corporation accountable for its unlawful conduct putting profits above the law.” The press release went further to detail that Convergent is a “collection agency with approximately 700 employees and $80 million in annual revenues” that “collected on accounts of major corporations around the country.”

As such, it is important for large companies to proactively take actions that allow them to be above reproach. One way to do this is to develop purposeful relationships with regulators that afford the opportunity to openly discuss potential innovative changes to a business’s practices to obtain assurances that a particular communication or practice complies with state laws. If a company is successful in obtaining such assurances, those assurances can then be pointed to if another of the 56 state and territorial attorneys general take issue with your practices later on.

Regulators Keep an Eye on Private Actions

Often, consumer protection attorneys in state attorneys general offices are hesitant to take enforcement actions unless they know that their case may be successful, and one way to ensure this is to await a ruling from a private action.

This is exactly what occurred here. In the press release, the Washington Attorney General points out that Convergent’s settlement offer letter was declared to be infirm in September 2016 by the United States Court of Appeals for the Fifth Circuit in Daugherty v. Convergent Outsourcing, 836 F.3d 507 (2016).

The Attorney General’s utilization of this ruling, from more than five years ago, also demonstrates the persistence of state regulators and their ability to utilize tools such as tolling agreements and the fact that equitable claims often do not have a statute of limitations.

As a result, if a company is found to have violated consumer protection laws, it should take the necessary efforts to prepare for follow-on lawsuits by state Attorneys General. State regulators often will be looking to ensure that the company has changed the controversial business practice and will be considering whether restitution has already been provided to affected consumers. As such, the company will want to work proactively to demonstrate that it is independently remedying the problem to minimize the potential for regulatory action that may yield additional civil penalties.

Minimal Consumer Harm Can Still Snowball into Millions in Remedies

While the breaking news exposed by the Wall Street Journal and New York Times often leads to the establishment of nationwide, multistate actions, the lifeblood of the attorney general’s office are consumer complaints brought by a state’s citizens. It is from these individual complaints that an attorney general’s consumer protection lawyers obtain information to dig deeper into an issue to both identify legal issues with a business’s practices and determine the true scope of such a problem.

Here, despite only having “obtained three of the ‘settlement offer’ letters Convergent sent to Washington consumers,” the Attorney General suit extended to 75,466 collection letters sent to Washington consumers from January 1, 2013 to February 23, 2015. This likely means that Convergent provided this information voluntarily in response to an inquiry from the Attorney General or the State of Washington obtained this information utilizing its subpoena power.

Even though this action was spurred by the Attorney General after receiving only three “settlement offer” letters, the Washington Attorney General’s complaint demands that the court order Convergent to return all revenue it collected from the more than 3,000 Washington consumers as a result of the letters at issue, and also requests restitution nationwide (despite this demand extending beyond the scope of the Washington Attorney General’s authority). Additionally, these allegations have the potential to result in millions of dollars to the State in the form of civil penalties (up to $2,000 per violation) and related attorneys’ fees and costs.

Given the size of the hammer held by state attorneys general, it is important that companies respond quickly and appropriately to consumer complaints. If a company demonstrates a willingness to resolve a stand-alone consumer complaint, a regulator may be more prone to utilize its limited resources enforcing its laws against another company.

June 9th at 2:00 pm ET


State Attorneys General have become more active in their efforts to protect consumers as it relates to banks and payment processors, especially when you take into consideration COVID-19. In this webinar we will discuss some key concerns of State Attorneys General, expectations, and their relationship to federal consumer protection agencies. We will focus on the efforts of the more active State Attorneys General and hopefully provide you with some key takeaways to help you mitigate future risk.

This topic is important generally, and particularly timely as consumers are struggling and their State AGs are working to ensure that they are not taken advantage of due to the crisis we find ourselves in.

*Current as of April 8. This update accounts for guidance from 17 additional states and the District of Columbia.

As states shut down normal operations in response to the novel coronavirus (COVID-19), governors and state attorneys general across the country have offered guidance to local governments about how to balance state laws that emphasize open meetings, while these same officials are also taking action to halt public gatherings. To date, forty-two states have weighed in on how their governments will conduct “the public’s business” in the public eye despite the increasing precautions that these same states are enforcing regarding public meetings.

Recognizing that their current laws fail to provide the mechanisms necessary to conduct business electronically, Ohio is just one state that has taken measures to enact new legislation allowing open meetings to be held via teleconference or videoconference when the Governor has declared a public health emergency. Others, like Kentucky Attorney General Daniel Cameron, have read their states’ current regulations to alleviate certain requirements for public meetings, while encouraging government agencies to use electronic communication for all necessary business. Meanwhile, Virginia Attorney General Mark Herring has opined that Virginia’s open meetings laws allow local government meetings by audio or videoconference only if the subject of that meeting has a tangible nexus to the ongoing emergency.


Each state has “sunshine laws” that govern public access to governmental records and meetings. These laws are recognized as pivotal to public participation in our democracy. The United States recognizes “Sunshine Week” – a seven-day period to highlight the importance of open government policies. Unlike previous years, this year Sunshine Week occurred from March 15 to March 21, 2020 – in the wake of unprecedented school shutdowns and mandated social distancing across our nation.

In general, during an emergency, states provide local governments with alternatives to the normal practice of holding in-person meetings that are open to the public. Yet, many states’ existing laws fail to account for the type of prolonged public health emergency brought on by COVID-19 – and the tangible harms that could occur from public gatherings. Although local governments must carry on with the normal business that preceded this crisis, they are faced with doing so during a projected many-months long period of social distancing. Under many states’ existing sunshine laws, public meetings may occur electronically, or outside the physical presence of the public, only if the emergency is the subject of the meeting. Otherwise, the public body must provide an accessible physical location, even if only one person is present.

Promoting Flexibility in an Unprecedented Crisis

Many governors and state attorneys general recognize the conundrum that the current crisis has created with regard to public meeting requirements. While local government bodies must meet to address the needs of communities, public meetings threaten to spread the virus and exacerbate the potential harm to the public. Faced with this quandary, many governors and state attorneys general are either proactively reading their current state regulations to provide for normal business with modified public access through electronic communications or directing or urging the legislature to modify existent laws to allow the business of government to continue. As has become clear for local officials and citizens alike, while business as usual will be suspended for an indefinite period, routine non-emergency business must continue.

Governors or state attorneys general from the below states have weighed in on how their governments will remain accountable during increased regulations on in-person gatherings:

Alabama. Gov. Kay Ivey issued a proclamation that governmental bodies could conduct meetings by audio or video conference if the meeting is limited to matters necessary to respond to COVID-19 or necessary to perform essential minimum functions.

Arizona. Attorney General Mark Brnovich declared that Arizona’s Open Meeting Law permits public bodies to “hold a remote meeting through technological means” so long as the public is given advance notice.

California. Gov. Gavin Newsom issued Executive Order N-25-20 that in part authorized public bodies to meet via teleconference and to make such meetings accessible by telephone or otherwise electronically to anyone seeking to attend or address the body.

Colorado. Attorney General Phil Weiser issued guidance interpreting Colorado’s Open Meetings Law and Administrative Procedures Act to allow public bodies to conduct public meetings remotely by electronic means.

Connecticut. By Executive Order No. 7B, Gov. Ned Lamont suspended the state’s in-person open meeting requirements so that public bodies could meet by audio or video conference so long as public access is available.

Delaware. As part of Gov. John Carney’s emergency declaration, public bodies could conduct all public meetings electronically, “either by means of telephone conference call or video-conference call.”

District of Columbia. With the passage of the COVID-19 Response Emergency Amendment Act of 2020, the D.C. council relaxed the requirement for public body meetings such that “no meetings shall be required during a public health emergency.” The Act also provides greater flexibility of the Open Meetings Act when meeting remotely.

Florida. Attorney General Ashley Moody issued an advisory legal opinion in response to a request from Gov. Ron DeSantis concluding that absent legislative or judicial action, Florida’s existing laws do not permit a necessary quorum to be present by means other than in-person. In response, Gov. DeSantis issued Executive Order 20-69 that authorized public bodies to utilize audio and video conferencing for all public meetings until expiration of EO 20-52 – Florida’s March 9 declaration of emergency.

Georgia. Attorney General Chris Carr advised city leaders to postpone discussion items that could wait during the present emergency conditions, telling cities to consider their own technological capabilities to provide appropriate public access to meetings that must take place.

Hawaii. Through a supplemental emergency proclamation, Gov. David Ige suspended the state laws that require government agencies to conduct public meetings. To the extent necessary, public bodies are to conduct business “through remote technology without holding meetings open to the public.”

Idaho. Gov. Brad Little amended his March 13 proclamation to suspend Idaho’s open meetings law, but at least one member of the public agency must still be physically present at the location designated in the meeting notice. Agencies are encouraged, but not required, to enhance public attendance and participation via telecommunication devices during the state of emergency.

Illinois. Citing the Governor’s Executive Order 2020-07, Attorney General Kwame Raoul advised that the requirement of in-person attendance and the limitations on when remote participation is allowed for public meetings are suspended.

Indiana. With Executive Order 20-09, Gov. Eric Holcomb temporarily altered Indiana’s public meeting and records access laws for two weeks (through April 7). Gov. Holcomb’s guidance requires all public agencies to limit meetings to those essential for operations and for issues related to health, safety, and COVID-19 response efforts.

Iowa. As part of an additional emergency proclamation, Gov. Kim Reynolds suspended all Iowa laws that prevent the use of electronic meetings or the limitation on the number of people present at an in-person meeting site.

Kansas. Attorney General Derek Schmidt issued a “best practices” guide to public bodies and agencies that must implement Kansas’s Open Meetings Act regulations. Attorney General Schmidt advised that public bodies should utilize audio or video technology and post online notices describing its intent to meet solely by electronic communication.

Kentucky. Attorney General Daniel Cameron concluded that Kentucky’s Open Meetings Act excuses agencies from participating in a meeting from one location, issuing an opinion that public agencies “should precisely identify a website, television station, or other technological means by which the public may view a meeting conducted under [Kentucky’s Open Meetings Act] until the conclusion of the state of emergency.”

Louisiana. Attorney General Jeff Landry interpreted Louisiana’s Constitution to allow suspension of its Open Meetings Law during an emergency. This means that quorum requirements still apply, but according to the Governor’s emergency proclamation, all public bodies may attend essential government meetings via audio or videoconference during the COVID-19 emergency.

Maryland. Attorney General Brian Frosh provided informal guidance addressing the state’s Open Meetings Act, saying that public bodies are permitted to meet by teleconference so long as the public can listen. The guidance highlighted that it is based on past opinions of the Compliance Board and does not predict how the Board or courts might apply the Act in any particular matter.

Massachusetts. On March 12, Gov. Charles Baker suspended certain provisions of the Commonwealth’s Opening Meeting Law, ordering public bodies to make provisions to ensure public access to deliberations through adequate, alternative means that include audio or videoconferencing and any other technology that enables the public to clearly follow its proceedings.

Michigan. On March 24, Gov. Gretchen Whitmer issued Executive Order 2020-15 temporarily authorizing remote participation in public meetings and hearings, but stressing that public bodies must continue to conduct public business during the COVID-19 emergency. The authorization continues until April 15.

Minnesota. Gov. Tim Walz’s stay-at-home order authorized townships to use audio and videoconferencing for any meeting under the circumstances described in Minnesota’s open meetings law.

Missouri. The Missouri legislature fast-tracked a bill providing for livestreaming public meetings via the internet while a declared state of emergency is in effect. Attorney General Eric Schmitt issued guidance on Missouri’s existing sunshine law the day after introduction of the bill, interpreting the current law to allow audio and videoconferencing.

Montana. Attorney General Tim Fox issued a letter of advice interpreting Gov. Steve Bullock’s various COVID-19-related directives, Montana’s Constitution, and its open meetings law to conclude that public meetings could be held remotely. However, the corresponding guidance also encourages public bodies to cancel non-essential meetings and limit meetings to critical items only.

Nebraska. Attorney General Doug Peterson issued guidance on Gov. Pete Ricketts’s Executive Order No. 20-03, which provided a limited waiver to the Nebraska Open Meetings Act that permits public bodies to meet by audio and videoconferencing or via other telecommunications applications so long as public access to the meeting is provided. Attorney General Peterson answered local government officials’ questions, clarifying that the waiver leaves all other provisions of the Open Meetings Act intact such that public bodies should not suspend public access to any meetings.

New Hampshire. Gov. Christopher T. Sununu issued Emergency Order No. 12 pursuant to Executive Order No. 2020-04 that provides public bodies are “permitted and encouraged to utilize [] emergency meeting provisions of [the open meetings law] to conduct meetings through electronic means.” Emergency Order No. 12 waived the physical location requirement for the duration of the state of emergency so long as the public body provides public access, notice, and a mechanism to alert the public of problems during the meeting, and that the body adjourn if the public is unable to access the meeting.

New Jersey. On March 16, the New Jersey legislature passed legislation that would allow public bodies to conduct meetings and provide notice by electronic means during periods of emergency. The bill also allows public bodies to cast votes electronically and remotely during periods of emergency.

New Mexico. Attorney General Hector Balderas issued guidance to public entities that the “most prudent thing to do to ensure compliance with [the Open Meetings Act] would be to postpone/cancel a public meeting.” The board or commission may, however, proceed with a virtual meeting if the matter is time sensitive.

New York. Gov. Andrew M. Cuomo extended Executive Order No. 202 with EO 202.1 that suspends or modifies certain laws to include New York’s Public Officers Law. Under EO 202.1, public bodies are authorized to meet by conference call or similar service so long as the public has access to that meeting, and the meeting is recorded and later transcribed.

North Carolina. Attorney General Josh Stein’s office issued an advisory letter stating that local governments could conduct necessary meetings via electronic communication because North Carolina’s Open Meetings Laws do not expressly prohibit doing so. Local governments, however, are encouraged to postpone meetings that are not necessary for immediate ongoing governance.

North Dakota. Attorney General Wayne Stenehjem advised that the “decision whether to hold a meeting rests with the public entity,” noting that some meetings may be canceled or postponed. Attorney General Stenehjem highlighted that the state’s open meetings law still requires an accessible physical location, but an agency can provide additional means (call-in numbers, real time/livestreaming) for the public to attend or observe.

Ohio. On March 13, Attorney General Dave Yost advised school boards, city councils, and other local legislative bodies that under a “very limited fact pattern,” like the prolonged period of social distancing during the COVID-19 public health emergency, “there may be a basis for local public bodies to use electronic means to meet and comply with the [State’s Open Meetings Act].” On March 16, the Ohio House introduced House Bill 557 to allow public bodies to meet by videoconference during a health emergency.

Oklahoma. The Oklahoma legislature approved and Gov. Kevin Stitt signed new legislation that temporarily revises the State’s Open Meetings Act to allow agency members and the public to participate in public meetings via audio and videoconference. This legislation has a sunset date of March 1, 2021.

Oregon. Oregon’s Public Meetings Law already provides that a public body may conduct a meeting by telephone or other electronic means (ORS 192.670).

Pennsylvania. Recently, the Pennsylvania House unanimously voted 198-0 to change the Commonwealth’s open meetings law to allow public participation via a telecommunication device “to the extent possible.” In addition, agencies must notify the public in advance of plans to hold meetings under the special rules, and the meeting must be livestreamed, recorded, or, at minimum, that draft minutes be made available within 48 hours of the meeting’s conclusion.

Rhode Island. On March 16, by executive order, Gov. Gina Raimondo relieved public bodies from the prohibitions regarding use of telephonic or electronic communication to conduct meetings in the State’s Open Meetings Act.

Tennessee. On March 20, Gov. Bill Lee issued Executive Order No. 16 suspending part of the state’s open meetings law to allow public bodies to meet and conduct essential business by electronic means. The Order remains in effect until May 18, 2020.

Texas. On March 16, Gov. Greg Abbott approved Attorney General Ken Paxton’s request to temporarily suspend a limited number of open meeting laws in response to COVID-19. The Governor’s action allows “government bodies to conduct meetings by telephone or video conference to advance the public health goal of limiting face-to-face meetings.”

Utah. The Utah Senate and House recently passed a bill to modify legislative rules to allow the legislature to meet electronically in special sessions or interim meetings during emergencies.

Vermont. Attorney General T.J. Donovan advised that the State’s Open Meeting Law still requires a physical location for all meetings of a public body, including those with electronic attendance – at least one member of the public body or a staff member must be present in the physical location even if all other members of the quorum attend electronically. The Vermont Senate is considering a bill that would temporarily allow public meetings to occur electronically without a designated physical location as long as the public can attend by electronic means.

Attorney General Mark Herring issued an opinion interpreting Virginia’s sunshine laws, finding that local governments could conduct public meetings via audio or videoconference only if the meeting is related to the emergency that is the subject of the Governor’s emergency declaration.

Washington. As an early state to declare emergency, Attorney General Bob Ferguson provided guidance on March 6, to public bodies that they first consider whether a meeting can be cancelled or rescheduled, but a physical location is still required. However, this guidance permitted agencies to evaluate additional means for public attendance, referencing the possibilities of utilizing real time streaming or audio and videoconferencing.

West Virginia. The Ethics Commission recently issued an opinion responding to various Open Meetings Act compliance inquiries. Referring to a 1999 opinion, the Commission advised that “[f]or emergency, special or regular meetings, a governing body may meet telephonically or via live audio or visual stream if members of the public may also attend.”

Wisconsin. Attorney General Josh Kaul published the Wisconsin Department of Justice’s Office of Open Government advisory statement that explained governmental bodies could conduct meetings via audio or videoconference “if the public is provided with an effective way to monitor such calls.” The Wisconsin Department of Justice suggested that not all routine business may continue via electronic communication.

The North Carolina Insurance Commissioner recently published a Frequently Asked Questions document clarifying its order, amended order, and bulletin issued over the past week, which require debt collection agencies to give North Carolina consumers the option of deferring debt payments for a period of 30 days from the due date of payment.

While an analysis of the provisions is available here, the FAQ clarified the following information:

  • How does the order apply to collection agencies? “The Bulletin and Order applies to ALL debts not only insurance debt.”
  • Do collection agencies have to proactively reach out to consumers to make them aware of this deferral option? No, “it is up to the customer to take the necessary steps to contact the collection agency to discuss their options.”
  • If a collection agency contacts an individual about repayment, does the agency have to communicate this deferral option? Yes, “[i]f the collection agency contacts the customer to discuss repayment, the agency must advise the customer of the option to defer the payment for 30 days.” However, the customer must state his or her desire to exercise this deferral option. The deferral option does not start automatically upon notification of this option to a consumer.
  • If a consumer elects to defer payments, which activities are suspended?


    • “All debt pursuits and collection activities should cease,” including “transmission of notices of action, any payments which are currently in collection, including those where a payment schedule has been set-up, and time limits imposed by statute.”
    • “Not just payments are deferred; ANY collection activity should cease for 30 days.”
    • Late fees, penalties, or additional fees may not be applied.
  • Do recurring payments have to stop? No, collection agencies do not need to affirmatively communicate this deferral option. However, collection agencies must inform consumers of this deferral option during any communication. Recurring payments may continue until a consumer affirmatively communicates that he or she wishes to exercise the deferral option.
  • Do law firms collecting on the accounts fall under the definition of a collection agency? No, NCGS § 58-70-15(c)(8) specifically exempts “[a]ttorneys-at-law handling claims and collections in their own name and not operating a collection agency under the management of a layman” from the definition of a collection agency. However, if the law firm is representing insurance companies to collect on insurance contracts or policies, then the firm must delay collection activities during the deferral period.
  • When does the order expire? April 26, 2020.

Recognizing the impact of the coronavirus (“COVID-19”) health crisis, the North America Collection Agency Regulatory Association (“NACARA”) recently released a message offering information and guidance to consumers, financial institutions, including debt buyers and collection agencies, and fellow regulators.

Consumers and Commercial Debtors

Noting that many consumers and commercial debtors may face difficulties in repaying accounts placed with debt collectors, NACARA suggested that individuals contact any collection agencies that are servicing an account as soon as possible. While collection agencies are able to provide a variety of payment assistance options, including deferral of payments, NACARA stressed that a collection agency can offer these options to a consumer or a commercial debtor only if the entity establishes an open line of communication with the collection agency.

Regulated Entities

In the same vein of encouraging consumers and commercial debtors to reach out to their collection agencies, NACARA encourages collection agencies to help those who get in contact because they are facing difficulties due to the health crisis. NACARA suggested that, “[a]t minimum, regulated entities should take reasonable steps in an attempt to offer assistance to all consumers and commercial debtors who have suffered a loss of income due to this emergency or have otherwise experienced impacts that could affect their ability to repay their debts.”

Specifically, NACARA states that businesses should immediately consider:

  1. forgoing the credit reporting of payment information during the health emergency, or modify the credit reporting of payment information to consumer reporting agencies in a manner that minimizes the impact of delinquent payment on credit histories;
  2. offering modifications, forbearances, or other options to allow consumers and commercial debtors to reduce and/or defer payments;
  3. ensuring customers are provided options to make timely inquiries, manage their accounts, and make payments, even if there is a reduction in the collection agency’s staff;
  4. reaching out to customers proactively to provide information on available assistance; and
  5. ensuring that all customer-facing staff are fully informed regarding any assistance available and are proactive in informing customers of such.


In addition to encouraging regulated entities to ease the impact of the health crisis on consumers and commercial debtors, NACARA likewise encouraged member regulators to recognize that regulated entities are facing the same crisis. Because many regulated entities are affected by state laws, regulations, and executive agency orders that limit the ability of employees of such entities to work from home during the health crisis, NACARA called for regulators to provide guidance to regulated entities with respect to the issue. Specifically, NACARA suggested that the following restrictions could be imposed when authorizing remote work arrangements:

  1. a prohibition on the storage of records created relating to collection agency activities at the remote work location;
  2. a requirement that the records created as part of collecting an account are being entered remotely into an electronic system housed at a licensed location; and
  3. a requirement that no payments on an account are received at the remote work location.

In addition to suggesting this guidance, NACARA urged regulators to be sensitive to the fact that collection agencies may be facing significant difficulties in supporting the staff necessary to serve customers during the health crisis. Pointing out reduced staff sizes and/or employees working from home, NACARA stressed that regulated entities may face difficulties in addressing agency requests and filing required reports in a timely manner and encouraged regulators to remain flexible and lenient, and not to take unnecessary punitive action if due dates are not met.

In sum, NACARA’s message encourages understanding, flexibility, and communication between parties at every level of the collection industry in light of the COVID-19 health crisis. By encouraging communication between consumers and commercial debtors and collection agencies, encouraging collection agencies to lessen the impact of the health crisis on consumers and commercial debtors, and imploring regulators to issue guidance allowing regulated entities to adapt to this uncertain time, NACARA has provided a suggested path forward for all involved in the collection industry during the COVID-19 health crisis.