On November 10, the Consumer Financial Protection Bureau (CFPB) published a circular, stating that both consumer reporting agencies (CRAs) and furnishers may be held liable under the Fair Credit Reporting Act (FCRA) for failing to investigate disputes, including when they impose what the CFPB views as barriers to the submission of disputes. Specifically, the
In this episode of Unauthorized Access, Kamran and Sadia welcome their firm colleague, Privacy + Cyber Partner and Team Leader Ron Raether, in a discussion on consumer breach notices — specifically from Ron’s perspective as a litigator — and how plaintiff’s counsel can interpret these notices.
Please join Consumer Financial Services Partner Chris Willis and his colleagues Ron Raether and Kim Phan, partners in our Privacy + Cyber Practice Group, as they discuss recent privacy and data security updates in the consumer financial services industry. Topics include:
Your business was hit with a ransomware attack over the weekend, and the critical systems are locked up (i.e., encrypted). To unlock those valuable systems and continue operating the business, the threat actor demands financial payment. After much debate, you and your team decide the business needs to meet the threat actor’s demands
Exemption Extensions Failed. On August 31, California’s legislature ended its 2022 session without adopting legislation to extend the California Consumer Privacy Act (CCPA) employee and business-to-business (B2B) personal information exemptions. In the absence of a special legislative session, these exemptions will expire on January 1, 2023.
History of the Exemptions. Under the current exemptions, covered
Recently, the Ninth Circuit joined its sister circuit, the Eleventh, in vacating class settlements on standing grounds. In Harvey v. Morgan Stanley Smith Barney LLC, the court vacated the district court’s approval of the settlement agreement and remanded with instructions that the district court assess each individual class member for sufficient injury.
The litigation
On August 11, the Consumer Financial Protection Bureau (CFPB) published a circular, answering the question “Can entities violate the prohibition on unfair acts or practices in the Consumer Financial Protection Act (CFPA) when they have insufficient data protection or information security?” with a resounding “yes.” Specifically, the CFPB pointed to three practices — inadequate authorization,
On July 29, New York State’s Department of Financial Services (NYDFS) released draft amendments (Draft Amendments) to its Part 500 Cybersecurity Regulation for financial service companies that, among others things: (1) contain significant changes regarding ransomware; (2) propose a new class comprising larger entities, which will be subject to increased obligations for their cybersecurity programs;
What standard should courts use to determine whether information contained in a consumer’s credit report is inaccurate or misleading? According to the Third Circuit in a recent precedential decision, the standard should be that of the “reasonable reader,” not a “reasonable creditor,” i.e., not an individual or entity sophisticated in the art of reading
To help you keep abreast of relevant activities, below find a breakdown of some of the biggest events at the federal and state levels to impact the Consumer Finance Services industry this past week: