Photo of Ronald I. Raether, Jr.

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application to their business to solve their most important challenges — from implementation and strategy to litigation and incident response. Ron and his team have redefined the boundaries of typical law firm privacy and cyber services in offering a 360 degree approach to tackling information governance issues. Their holistic services include drafting and implementing bespoke privacy programs, program implementation, licensing, financing and M&A transactions, incident response, privacy and cyber litigation, regulatory investigations, and enforcement experience.

In this episode of The Consumer Finance Podcast, Chris Willis is joined by Partners Ron Raether and Tim St. George to discuss a landmark victory in a major data breach class action multidistrict litigation. The team delves into the details of the successful defense of an attempt at class certification involving a ransomware attack on software provider Blackbaud. This episode highlights the strategic legal maneuvers, team approach, extensive discovery, and expert practices that led to this important industry win. Don’t miss this in-depth case study and learn how the Troutman Pepper team navigated one of the largest and most complex data breach cases in history.

On July 5, the California Privacy Protection Agency (CPPA) published a Notice of Proposed Rulemaking regarding Data Broker Registration pursuant to Senate Bill 362 (the Delete Act). The Delete Act requires the CPPA to establish an accessible deletion mechanism. This mechanism allows a consumer, through a single verifiable consumer request, to request that every data broker delete any personal information related to that consumer held by the data broker or associated service provider or contractor. The stated aim of the proposed rulemaking is to clarify and enhance the registration process for data brokers.

Last week, the U.S. Department of Housing and Urban Development (HUD) issued a Notice of Proposed Rulemaking, seeking public comment on its proposal to amend existing regulations that govern admission to public housing and housing programs for applicants with criminal records and eviction or termination of assistance of persons on the basis of illegal drug use, drug-related criminal activity, or other criminal activity. The proposed rule would require that, prior to any discretionary denial or termination for criminal activity, public housing agencies (PHAs) and assisted housing owners take into consideration multiple sources of information, including but not limited to the recency and relevance of prior criminal activity. The proposed rule also seeks to clarify existing PHA and owner obligations and reduce the risk of violation of nondiscrimination laws.

In this episode of FCRA Focus, hosts Kim Phan and Dave Gettings are joined by Partners Cindy Hanson and Ron Raether to discuss recent CFPB advisory opinions on accuracy in background check reports and the inclusion of data sources in response to consumer file disclosure requests. They delve into the challenges companies face in obtaining accurate information from public record sources and the implications of the CFPB’s guidance for the industry. The conversation also highlights the importance of effective dispute processes and vendor relationships in ensuring compliance. Tune in for insightful commentary on these critical issues in the FCRA compliance environment.

On February 8, the U.S. Supreme Court issued a unanimous decision in Department of Agriculture Rural Development Rural Housing Service (USDA) v. Kirtz, holding that the Fair Credit Reporting Act’s (FCRA) clear statutory text indicates a government agency can be sued for a FCRA violation. The decision resolved a circuit split. The D.C., Third, and Seventh Circuits have allowed FCRA litigation against government agencies, but the Fourth and Ninth Circuits have found governmental immunity prevents such suits.

In Career Counseling, Inc. v. Amerifactors Financial Group, LLC, the U.S. Court of Appeals for the Fourth Circuit upheld a district court’s decision denying class certification in a Telephone Consumer Protection Act (TCPA) case on the basis that the plaintiff failed to satisfy Rule 23’s “implicit further requirement of ascertainability.” The Fourth Circuit also upheld summary judgment against the defendant as to the individual claim finding the defendant was indeed the “sender” of the fax at issue. Each finding is discussed more fully below.

Please join us for a special cross-over episode of FCRA Focus and The Consumer Finance Podcast, where Troutman Pepper Partners Chris Willis, Dave Gettings, Kim Phan, and Ron Raether look at the latest developments in the CFPB’s FCRA rulemaking process. Topics include:

On October 24, the Biden-Harris administration announced amendments to the regulations implementing title IV of the Higher Education Act of 1965 (HEA). According to the fact sheet, the amendments are intended to allow the Department of Education (ED) to better protect students from the negative effects of sudden college closures, restrict colleges from withholding course credits paid for with federal money from students’ transcripts, require colleges to clearly communicate how much financial aid students will receive, and provide a more streamlined process for states to approve postsecondary opportunities for students without a high school diploma or its equivalent. The amended regulations will take effect on July 1, 2024.

On October 30, President Biden issued a sweeping Executive Order calling on Congress to enact privacy laws and directing federal agencies to review existing rules and potentially explore new rulemakings governing the use of artificial intelligence (AI) across various sectors of the U.S. economy. Among other things, the Executive Order will require AI system developers to submit safety test results to the federal government, establish standards for detecting AI-generated content to fight consumer fraud, and develop AI tools to identify and fix vulnerabilities in critical software. According to the White House fact sheet, the stated goal of the Executive Order is to “ensure that America leads the way in seizing the promise and managing the risks of [AI].” To that end, the Executive Order focuses on national security, privacy, discrimination and bias, healthcare safety, workplace surveillance, innovation, and global leadership.

The Delete Act (SB 362), signed into law by California Gov. Gavin Newsom on October 10, imposes additional disclosure and registration requirements on data brokers. It requires data brokers to support deletion requests through a central “deletion mechanism” managed by the California Privacy Protection Agency (CPPA). The law also empowers consumers to request deletion of their personal information from all registered data brokers with a single submission.