Dear Mary,

I am the privacy compliance officer at a cloud-based software company. We recently experienced an incident where, although none of our client’s data was compromised, it appears that our employees’ information may have been copied and removed from our environment. This information includes employees’ full names, salaries, and salary schedules. All of our employees reside in California, and given the CCPA’s broad definition of personal information, I am assuming notification will be required?

– Frowning in Fresno

After several attempts in the Missouri legislature, last week Governor Mike Parson signed a Commercial Financing Disclosure Law. This legislation requires certain disclosures to be made by providers of commercial purpose closed-end and open-end loans, and sales-based financing transactions. The law will take effect six months after the Division of Finance finalizes promulgating rules or on February 28, 2025, if the Division does not intend to promulgate rules.

In this inaugural episode of Moving the Metal, Troutman Pepper attorneys Brooke Conkle and Chris Capurso examine the major requirements of the FTC’s proposed CARS Rule. After a refresher on the rule’s requirements, Brooke and Chris discuss the current status of the litigation surrounding the rule, including a discussion of the briefs and data submitted by the FTC and the trade groups fighting the rule. Tune in as Brooke and Chris look under the hood to examine the FTC’s fine print and where the rule currently stands in the courts, helping your auto finance company avoid regulatory pitfalls.

As we predicted here, the Consumer Financial Protection Bureau (CFPB or Bureau) last week proposed new and, in some cases, streamlined rules governing what mortgage servicers must do after a borrower becomes delinquent. The proposed rules incorporate some pandemic-era practices, such as allowing servicers to offer assistance without a comprehensive review of the borrower’s financial situation. According to the CFPB, the new rules would require mortgage servicers to prioritize loss mitigation over foreclosing, reduce paperwork requirements, improve communication with borrowers, and ensure critical information is provided in the borrowers’ preferred language.

As discussed here, on February 3, 2023, an Illinois federal court dismissed a case brought by the Consumer Financial Protection Bureau (CFPB or Bureau) in 2020 against Townstone Financial, Inc., a Chicago mortgage lender, for alleged violations of the Equal Credit Opportunity Act (ECOA). The CFPB had accused Townstone of discouraging prospective African American applicants in the Chicago metropolitan area from applying for mortgages.

On July 5, the California Privacy Protection Agency (CPPA) published a Notice of Proposed Rulemaking regarding Data Broker Registration pursuant to Senate Bill 362 (the Delete Act). The Delete Act requires the CPPA to establish an accessible deletion mechanism. This mechanism allows a consumer, through a single verifiable consumer request, to request that every data broker delete any personal information related to that consumer held by the data broker or associated service provider or contractor. The stated aim of the proposed rulemaking is to clarify and enhance the registration process for data brokers.

In this special crossover episode of The Consumer Finance Podcast and Payments Pros Podcast, Chris Willis and Josh McBeain interview two colleagues who delve into the Consumer Financial Protection Bureau’s (CFPB) recent interpretive rule that classifies buy now, pay later (BNPL) transactions as credit cards. Mark Furletti and Jason Cover explore the implications of this rule under Regulation Z, including the introduction of the term “digital user account” and its impact on BNPL providers. The discussion covers the regulatory requirements, potential challenges for compliance, and the broader legal context, including the possible effects of the Loper Bright case on administrative interpretations. With a July 30 compliance deadline looming, the episode provides critical insights for industry stakeholders navigating this significant regulatory shift.

In this special crossover episode of The Consumer Finance Podcast and Payments Pros Podcast, Chris Willis and Josh McBeain interview two colleagues who delve into the Consumer Financial Protection Bureau’s (CFPB) recent interpretive rule that classifies buy now, pay later (BNPL) transactions as credit cards. Mark Furletti and Jason Cover explore the implications of this rule under Regulation Z, including the introduction of the term “digital user account” and its impact on BNPL providers. The discussion covers the regulatory requirements, potential challenges for compliance, and the broader legal context, including the possible effects of the Loper Bright case on administrative interpretations. With a July 30 compliance deadline looming, the episode provides critical insights for industry stakeholders navigating this significant regulatory shift.

The California Department of Financial Protection and Innovation (DFPI) has once again modified its proposed rulemaking on earned wage access (EWA) products. As discussed here, this spring the Office of Administrative Law (OAL) rejected the proposed regulations for failure to comply with the clarity standard of the Administrative Procedure Act (APA) and failure to follow the required APA procedures. These new modifications attempt to address those concerns.