Recently, the District Court of Kansas analyzed the definition of an automatic telephone dialing system (“ATDS”) under the Telephone Consumer Protection Act (“TCPA”) in Hampton v. Barclays Bank Del. The Court concluded the TCPA only applies to equipment that randomly or sequentially generates telephone numbers to be called and does not apply to dialers that call from a list of numbers from a customer database.

Hampton’s complaint alleges Marketplace Loan Grantor Trust, Series 2016-LD1 (“Marketplace”) used an ATDS to call his cell phone without consent regarding his personal loan. Marketplace hired First Associates Loan Servicing, LLC (“First Associates”) to service the debt. First Associates uses a cloud-based calling system that does not use a random number generator or sequential number generator, nor does it have the capacity to do so. Rather, First Associates’ system uses phone numbers generated from a customer database. Moreover, the system does not use recorded messages or artificial voices, but rather live representatives make the calls.

Marketplace argued that since First Associates’ calling system did not use a random or sequential number generator, nor did it have the capacity to store numbers, the system was not an ATDS. Hampton argued that the calling system merely needed to have the capability for automatic dialing but had no proof First Associates’ system had such a capability. Moreover, Hampton cited Marks v. San Diego Crunch from the Ninth Circuit, stating a device that can automatically dial numbers stored in a list, rather than numbers randomly or sequentially generated, is considered an ATDS. The Court concluded the TCPA does not apply to dialers that call from a list of numbers from a customer database for several reasons.

First, the Court agreed with the Seventh and Eleventh Circuits’ textual analysis of the TCPA’s definition of an ATDS. The TCPA defines an ATDS as “equipment which has the capacity-(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” These courts decided the phrase “using a random or sequential number generator” modifies both “store” and “produce.” Producing numbers by using a random or sequential number generator excludes devices that solely dial numbers stored in a customer database. The Court contrasted Marks, which didn’t reach a conclusion on the statutory language due to its ambiguity.

Next, the Court again agreed with the Seventh and Eleventh Circuits as to why the analysis in the Ninth Circuit regarding TCPA exemptions is not persuasive. The Court explains that it doesn’t make sense for the statute to exempt from liability calls to consenting recipients or calls about debts owed to the federal government if the statute was meant to cover exclusively randomly or sequentially generated numbers. The Court states the TCPA makes callers liable if they make calls using an ATDS or an artificial or prerecorded voice. So, using an artificial or prerecorded voice explains the exemptions.

The Court also notes the legislative history supports the interpretation that Congress wanted the statute to eradicate machines that dialed randomly or sequentially generated numbers. Marks never discusses the statute’s legislative history in this context.

Lastly, the Court stated the argument that Congress declined to amend the statute in 2015 after the FCC’s Order implied tacit approval of the Order is not convincing. The Court specified that congressional failure to act does not necessarily reflect approval of the status quo. At the time Congress amended the TCPA in 2015, the FCC’s interpretation of the law wasn’t settled.

There is a long history regarding the ever-changing definition of what constitutes an ATDS under the TCPA. This ruling from a Kansas court is consistent with the Third, Seventh, and Eleventh Circuits where a device that exclusively dials numbers in a database does not qualify as an ATDS for the purposes of the TCPA. In contrast, the Ninth and Second Circuits ruled that a system which stores phone numbers and dials them automatically presents a genuine issue of material fact whether that system is an ATDS.

This is yet another case decided before the U.S. Supreme Court hears its case in Facebook v. Duguid, which will determine whether an ATDS includes any device that can store and dial stored numbers.

Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below is a breakdown of some of the biggest COVID-19 driven events at the Federal and State levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • During the week of August 24, 2020, the Consumer Financial Protection Bureau (CFPB) updated pages relating to student loans and its guidance on protecting credit during COVID-19. The CFPB reminds consumers that “principal and interest payments on federally-held student loans are automatically suspended through December 31, 2020.” Additionally, the CFPB recently released additional resources for Spanish speakers, which can be viewed here.
  • On August 28, 2020, the U.S. Treasury Department and Internal Revenue Service (IRS) released guidance on President Donald Trump’s memorandum of August 8, 2020, which directed the Secretary of the Treasury to defer certain payroll taxes. The guidance allows employers to defer withholding and paying the employee’s portion of the Social Security payroll tax if the employee’s wages are below a certain amount. For more information, click here.
  • On August 27, 2020, the Federal Housing Finance Agency announced it would extend the eviction moratoriums on single-family foreclosures and real estate owned (REO) properties from August 31, 2020 to December 31, 2020. The moratorium only applies to Enterprise-backed, single-family mortgages. The REO eviction moratorium applies to Enterprise-acquired properties through foreclosure or deed-in-lieu of foreclosure transactions. For more information, click here.
  • On August 27, 2020, the FTC reminded consumers that payday loans, especially as consumers struggle financially with the effects of COVID-19, may hurt more than the loans help. These short-term loans tend to get extremely expensive, very quickly, “sometimes charging annual percentage rates of as much as 500-700%.” To read the full report, click here.
  • On August 24, 2020, the Department of Veterans Affairs (VA) issued Circulars extending eviction and foreclosure moratoriums for borrowers on properties secured by VA-guaranteed loans from August 31, 2020 to December 31, 2020. For more information, click here and here.

State Activities:

  • On August 26, 2020, the New York City Department of Consumer Affairs (DCA) issued new debt collection rules related to limited English proficiency servicing, which took effect June 27, 2020. Due to the COVID-19 crisis, the DCA provided the industry with a 60-day enforcement grace period until August 26, 2020. The DCA has now extended this enforcement grace period until October 1, 2020. For more information, click here.
  • On August 21, 2020, Illinois Governor J.B. Pritzker extended Executive Order 2020-25, which includes limits on garnishments and wage deductions. The limitations are now in effect until September 19, 2020. For more information, click here.
  • On August 21, 2020, the Connecticut Department of Banking extended its no-action memo to address branch licensing issues through 2020. The no-action memo concerns the requirement that any Connecticut licensable activity by a Consumer Credit Licensee be conducted from a licensed branch office location so long as certain criteria are met. The no-action position is extended through December 31, 2020. For more information, click here.
  • On August 20, 2020, the California Assembly Appropriations Committee ordered a second reading of the Debt Collection Licensing Act (SB 908), which would require debt collectors and debt buyers to obtain a license from the California Department of Business Oversight (DBO) to collect on debts in the state. For more information, click here.

Privacy and Cybersecurity Activities:

  • On August 28, 2020, the Federal Trade Commission (FTC) provided parents with seven considerations to secure their home systems as kids begin school from home. The FTC offers several tips, ranging from updating software to ensuring privacy and security tools are enabled. To read the full report, click here.
  • On August 28, 2020, the FTC warned consumers about a recent rise in offers relating to COVID-19 that are scams. Many of these offers are shared on WhatsApp or Facebook. The messages appear to be from several prominent United States brands. Consumers are reminded not to click any links, to delete the messages, and to call friends who may have shared the message. Click here to read the full notification.
  • On August 26, 2020, the FTC shared that the agency is “collecting data, watching the numbers, and spotting the trends” relating to scams in connection to COVID-19. The FTC has received more than “175,000 COVID-19-related reports about fraud, identity theft, Do Not Call, and other consumer protection problems.” For those interested in learning about trends specific to their communities, click here. To read the full post shared by the FTC, click here.
  • On August 25, 2020, BU Today reported that Boston University would not be notifying professors if students test positive for COVID-19. The University shared that it would not inform professors because the University wishes to protect student privacy. To read the full report, click here.
  • On August 25, 2020, it was reported that higher education institutions are struggling with how to collect and share COVID-19 related data. Universities appear to be struggling with conflicting regulations, such as those under the Clery Act (where universities receiving federal funding must disclose threats to campus safety) and the Health Insurance Portability and Accountability Act (requiring that personal health data and student records are protected). To read the full report, click here.
  • On August 24, 2020, reports discussed how researchers “developed a way for a fully wireless system to monitor not only the movement and vital signs contact-free, but also to track activities” without using video. Researchers sought to create a system of tracking that would be more privacy-preserving. The system may support long-term care and assisted living facilities trying to fight COVID-19’s spread. Click here to read the report.
  • On August 24, 2020, the Centre for Information Policy Leadership (CIPL), a global privacy and security think tank, published a paper outlining privacy lessons related to COVID-19. The paper offered several considerations that can be put toward a U.S. privacy framework. They are:
    • Personal data is essential infrastructure;
    • Artificial intelligence applications are especially essential;
    • Privacy is one of many fundamental rights;
    • Traditional interpretations of principles of data protection have proven insufficient to provide adequate protection;
    • The focus on collection of data is less important than the use of data after collection;
    • With less reliance on consent, we must develop and use a wider variety of tools to move to an accountability-based model of data protection; and
    • The most helpful approach to ensuring privacy in the U.S. will be comprehensive privacy legislation at the national level.

To read the full paper, click here.

  • It was recently reported that the FBI is investigating a data breach that may have compromised the identity of individuals who have tested positive for COVID-19 in South Dakota. The letter from the state agency said, “the files didn’t include any financial information, Social Security numbers or passwords.” To read the full story, click here.

On August 6, 2020, President Trump issued two executive orders banning widely used Chinese social media services TikTok and WeChat. Citing national security concerns due to the applications’ abilities to automatically capture the personal information of U.S. citizens, censor content “that the Chinese Communist Party deems politically sensitive” and spread “disinformation campaigns that benefit the Chinese Communist Party,” the executive orders prohibit all individuals and entities subject to the jurisdiction of the U.S. from carrying out “transaction[s]” with TikTok’s parent company and its subsidiaries, and WeChat’s parent company Tencent Holdings Ltd. and its subsidiaries. The orders came on the heels of the Committee on Foreign Investment in the U.S.’s (CFIUS) announcement that TikTok was under review for national security concerns.

The executive orders do not yet define “transactions” and leave unclear to whom the orders apply. These ambiguities have caused many to believe that the orders would not only prohibit doing business with TikTok and WeChat, but also apply to popular video game companies, as Tencent is the 100% stakeholder of Riot Games (maker of League of Legends), an 84% stakeholder of Supercell (maker of Clash of Clans), a 40% stakeholder of Epic Games (maker of Fortnite), a 37% stakeholder of Huya, Inc. (which provides a video game live-streaming service) and a 5% stakeholder of Activision Blizzard and Ubisoft.

While a White House official told the Los Angeles Times that the executive order banning WeChat would only apply to transactions related to WeChat, no official statement has been made, and with the order giving the Secretary of Commerce the power to define the transactions in question within 45 days after the date of the order, there is still room for the administration to go after the video game companies. Additionally, with the term “subsidiaries” not defined in the orders, it is possible that even companies Tencent has invested in, such as Snap, Spotify and Universal Music Group, may be affected.

The effect of the order banning WeChat is also uncertain given Tencent’s announcement that it has plans to grow its stake in Huya, after proposing to merge Huya with DouYu International Holdings Ltd., a Chinese video game live-streaming service, to become a leader in the gaming and e-sports market. Tencent’s announcement was made on August 10, 2020, just four days after the order was issued.

Both executive orders are issued under the International Emergency Economic Powers Act (IEEPA) (50 U.S.C. 1701 et seq.), the National Emergencies Act (50 U.S.C. 1601 et seq.) and 3 U.S.C. 301 (which provides the President with the power to designate and empower the head of any department or agency in the executive branch). The orders also refer to Executive Order 13873, issued on May 15, 2019, which conferred the authority to regulate the acquisition and use of information and communications technology and services from a “foreign adversary” to the Secretary of Commerce.

Both executive orders will take effect 45 days from the date of the orders, appearing to give TikTok leeway to be acquired by Microsoft, which confirmed that it is in talks to buy parts of the video-sharing mobile application. Microsoft has stated that it will complete such discussions by September 15, 2020, the date President Trump set as the deadline for TikTok to find a U.S. buyer. Microsoft’s purchase of TikTok would allow for all personal information of American users to be transferred to and remain in the U.S.

In addition to the executive orders, the President’s Working Group on Financial Markets released recommendations on protecting U.S. investors from significant risks from Chinese companies, which among other things, recommends that the U.S. Securities and Exchange Commission require enhanced listing standards for companies with Chinese ownership. The executive orders and the recommendations are just a preview of the increased scrutiny to come on transactions with Chinese companies, especially those collecting data from U.S. citizens. Entities doing business with such Chinese companies should pay close attention to additional restrictions that are to come as tensions between the U.S. and China heighten, and act prudently, not expanding their relationships in China without having the ability to terminate such relationships if and when the U.S. government imposes those additional restrictions.

To help you keep abreast of relevant activities, below is a breakdown of some of the biggest COVID-19-driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities:

  • On July 17, 2020, the Consumer Financial Protection Bureau (CFPB) announced that it issued a Compliance Assistance Statement of Terms Template (CAST Template) under its Compliance Assistance Sandbox (CAS) Policy to Build Commonwealth, Inc (Commonwealth). Employers interested in creating an automatic savings program as a way for employees to build emergency savings and increase their financial resiliency would be able to use the CAST Template as the basis for an application. Under these programs, employees would be able to build emergency savings by directing a portion of their earnings to an existing account at a financial institution of their choice. For more information, click here.
  • On July 17, 2020, the Federal Reserve Board modified the Main Street Lending Program to provide greater access to credit for nonprofit organizations such as educational institutions, hospitals, and social service organizations. The Federal Reserve Board approved two new loan options to provide support to a broad set of nonprofit organizations that were in sound financial condition prior to the pandemic. The Main Street nonprofit loan terms mirror those for Main Street for-profit business loans, including the interest rate, principal and interest payment deferral, five-year term, and minimum and maximum loan sizes. For more information, click here.
  • On July 16, 2020, the CFPB issued an updated Complaint Bulletin, analyzing more than 8,000 complaints it received from January through May 2020 that mention COVID-19 or related terms. The bulletin shows that “mortgage,” “credit card,” and “credit or consumer reporting” concerns top the list of complaints the CFPB has received. For more information, click here.
  • On July 15, 2020, the Federal Reserve Board announced an extension of a rule change to bolster the effectiveness of the Small Business Administration’s (SBA) Paycheck Protection Program (PPP). The extension will temporarily modify the board’s rules so that certain bank directors and shareholders can apply to their banks for PPP loans for their small businesses. The SBA has prohibited banks from favoring a PPP loan application from a director or equity holder. The rule is effective immediately and will be in place while the PPP is active. For more information, click here.
  • On July 13, 2020, the U.S. Department of Labor announced the award of one Dislocated Worker Grant (DWG) totaling $3 million to help address the workforce-related impacts of the COVID-19 public health emergency. This award is funded under the Coronavirus Aid, Relief and Economic Security (CARES) Act, which provided $345 million for DWGs to prevent, prepare for and respond to COVID-19. For more information, click here.
  • On June 30, 2020, Fannie Mae updated its “COVID-19 Frequently Asked Questions” as part of an ongoing effort to provide guidance to lenders and servicers in connection with the COVID-19 national emergency. For more information, click here.

State and City Activities:

  • On July 17, 2020, Oakland extended an eviction moratorium through September 30, 2020. The rule prevents landlords from evicting a tenant who failed to pay rent between March 24 and September 30. Tenants have a year to pay back rent from the time it was due. For more information, click here.
  • On July 17, 2020, New York Attorney General Letitia James extended the suspension of debt collection for medical and student debt owed to the state of New York for 30 days, through August 15, 2020. Interest accrual and collection of fees on outstanding state medical and student debt are suspended until August 15 as well. For more information, click here.
  • On July 7, 2020, Pennsylvania Attorney General Josh Shapiro announced that his office has shut down price gouging efforts at Paoli Pharmacy after receiving tips alleging that the store was selling N95 masks in Ziploc bags for as much as $25 per mask. As COVID-19 endures, state attorneys general have been inundated with complaints of price gouging and illegal profiteering on highly sought-after and necessary products. For more information, click here.
  • On July 7, 2020, Chicago Mayor Lori E. Lightfoot announced that the city of Chicago had lifted a temporary suspension on debt collection practices and non-safety-related citations and impounds, as well as penalties for late payments. The order pertains only to a debt owed to the city of Chicago. For more information, click here.
  • On July 6, 2020, New York state courts in the 4th and 8th Judicial Districts were added to the list of districts cleared to operate at Phase 4 of the state’s economic reopening plan. Earlier on July 1, 2020, the 5th, 6th, and 7th Judicial Districts entered Phase 4 of the plan. Courts in the 3rd and 9th Districts, and the 10th District on Long Island, continue to operate at Phase 3 of the state’s reopening plan and await approval for the transition into Phase 4. For more information, click here.
  • On July 1, 2020, Delaware Governor John Carney modified an order pertaining to the Declaration of a State of Emergency issued on March 12, 2020. The order is effective immediately, and it addresses a number of issues that impact residential mortgage loan servicers, including restrictions on residential foreclosure and evictions and certain fees or charges. For more information, click here.

Privacy and Cybersecurity Activities:

  • On July 17, 2020, the Payment Card Industry Security Standards Council (PCI SSC) issued a statement revising the implementation date for Security Requirement 18-3 (i.e., Key Block structure management) due to the impact COVID-19 has had on implementations. While Phase 1 implementations became effective on June 1, 2019, Phase 2’s effective date has been modified to January 1, 2023 (changed from June 1, 2021). Phase 3’s effective date has been modified to January 1, 2025 (changed from June 1, 2023). To review the full statement, click here.
  • On July 16, 2020, the U.S. National Security Agency and other intelligence groups released a joint cybersecurity advisory to “expose the malicious activity by [Russian Intelligence Services]” targeting COVID-19 research and vaccine development. The advisory provides system administrators with a variety of tools and information they can use to review and mitigate potential security risks by this government actor. For the full advisory, click here.
  • On July 15, 2020, the U.S. Department of Health & Human Services (HHS) clarified its recent rule change requiring hospitals to report COVID-19 patient information to its central database. Reports earlier in the week indicated that the rule change essentially meant that the Centers for Disease Control and Prevention (CDC) would be bypassed when hospitals report COVID-19 patient information, likely limiting access to public health data for researchers and reporters. HHS’s June 15 statement clarifies that the rule change does not take “access or data away from the CDC” and is meant only to streamline the collection and dissemination of data as rapidly as possible. The full announcement can be found here.
  • During the week of July 13, 2020, the Federal Trade Commission (FTC) released several resources aimed toward assisting consumers in avoiding COVID-19 related scams.
    • On July 17, the FTC shared general tips for avoiding COVID-19 scams. The advice can be found here.
    • On July 16, the FTC shared information for those having trouble paying credit card bills, and included information meant to avoid credit card scams. Click here to read more.
    • On July 16, the FTC posted tips for avoiding cryptocurrency scams, likely referring to a recent incident involving a large social media company and high-profile individuals. Click here to read more.
    • On July 13, the FTC launched a new online tool for exploring military consumer data. The tool includes information relating to COVID-19 scams and unwanted telemarketing. Click here to read the full announcement.
    • On July 14, the FTC warned consumers not to submit payment to scammers acting as utility companies. The warning includes tips for consumers receiving such calls; click here to read more.

To help you keep abreast of relevant activities, below is a breakdown of some of the biggest COVID-19-driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities:

  • On July 7, 2020, the Federal Reserve Board’s Vice Chair for Supervision and Chair of the Financial Stability Board, Randal K. Quarles, issued a statement regarding post COVID-19 crisis financial reforms. For more information, click here.
  • On July 2, 2020, the U.S. Department of the Treasury announced that American Airlines, Frontier Airlines, Hawaiian Airlines, Sky West Airlines, and Spirit Airlines have signed letters of intent setting out the terms on which a loan would be extended under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The CARES Act authorizes the Treasury Department to make loans to eligible businesses for losses incurred as a result of the COVID-19 pandemic. For more information, click here.
  • On July 1, 2020, the Federal Deposit Insurance Corporation and the Federal Reserve Board provided information to the eight largest and most complex banking organizations that will guide their next resolution plans, which are due by July 1, 2021. Each resolution plan must describe the firm’s strategy for rapid and orderly bankruptcy proceedings in the event of material financial distress or failure of the firm. Additionally, resolution plans will be required to include core elements, such as capital, liquidity, and recapitalization strategies, as well as how each banking organization has integrated changes to and lessons learned from its response to the COVID-19 emergency. For more information, click here.

State and City Activities:

  • On July 7, 2020, Chicago Mayor Lori E. Lightfoot announced that the city had lifted a temporary suspension on debt collection practices and non-safety-related citations and impounds, as well as penalties for late payments. The order pertains only to a debt owed to the city of Chicago. For more information, click here.
  • On July 6, 2020, New York state courts in the 4th and 8th Judicial Districts were added to the list of districts cleared to operate at Phase 4 of the state’s economic reopening plan. Earlier on July 1, 2020, the 5th, 6th, and 7th Judicial Districts entered Phase 4 of the plan. Courts in the 3rd and 9th Districts, and the 10th District on Long Island, continue to operate at Phase 3 of the state’s reopening plan, and await approval for the transition into Phase 4. For more information, click here.
  • On June 30, 2020, Nevada Governor Steve Sisolak lifted the state’s temporary “stay” on garnishments through July 31, 2020. In its initial emergency directives, Nevada included collection agencies in the non-essential business categories. For more information, click here.
  • On June 29, 2020, Colorado Governor Jared Polis signed a bill that establishes a moratorium through November 1, 2020, on “extraordinary” collection activities, which is defined as an action in the nature of a garnishment, attachment, levy, or execution to collect or enforce a judgment on a debt as defined under the state’s Fair Debt Collection Practices Act. For more information, click here.
  • The California state legislature is debating a bill that would revise the definition of an automated telephone dialing system, and give consumers additional power to revoke consent to be contacted beyond the restrictions that currently exist in the Telephone Consumer Protection Act. The new bill defines “automatic dialing-announcing devices” as equipment that stores and automatically calls or sends text messages to phone numbers without significant human involvement in the act of calling or sending the prerecorded voice messages or prewritten text messages. The bill would also repeal the authorization for using these devices to make calls to consumers for which an established business relationship exists. For more information, click here.

Privacy and Cybersecurity Activities:

  • On July 10, 2020, the Federal Trade Commission (FTC) shared guidance for small business owners to help better protect critical assets against common scams and cyber-attacks. This guidance is of particular importance for small businesses that may have recently been forced to depend on reaching customers through virtual means. Check out the FTC’s post here. Also, be sure to check out the cybersecurity videos referenced in the post, which can be found here.
  • On July 6, 2020, the Federal Bureau of Investigation (FBI) announced that it has seen a spike in fraudulent unemployment insurance claims related to the COVID-19 pandemic, using stolen personally identifiable information (PII) of individuals from various states. The personal information is thought to have been obtained through the use of information from “online purchase of stolen PII, previous data breaches, computer intrusions, [and] cold-calling victims while using impersonation accounts[.]” The FBI advises the public to be on the lookout for:
    • Communications regarding unemployment insurance forms when you have not applied for unemployment benefits
    • Unauthorized transactions on your bank or credit statements related to unemployment benefits
    • Any fees involved in filing or qualifying for unemployment insurance
    • Unsolicited inquiries related to unemployment benefits
    • Fictitious websites and social media pages that are mimicking those of government agencies.

To read the full statement, click here.

  • The FTC recently released the agenda for its annual PrivacyCon event, which will take place online due to the ongoing COVID-19 pandemic. The FTC announced the event would focus on the “privacy of health data collected, stored, and transmitted by mobile applications[.]” PrivacyCon will be organized into six sessions:
    • Session 1: Health Apps;
    • Session 2: Bias in AI Algorithms;
    • Session 3: The Internet of Things;
    • Session 4: Specific Technologies: Camera/Smart Speakers/Apps;
    • Session 5: International Privacy; and
    • Session 6: Miscellaneous Privacy/Security.

To view the full agenda, click here. For those interested in attending this year’s PrivacyCon, click here.

Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (“COVID-19”). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

Please join us for a complimentary webinar on Wednesday, August 26, 2020 at 2:00 p.m. ET. An invitation will be sent to you.

To help you keep abreast of relevant activities, below is a breakdown of some of the biggest COVID-19 driven events at the Federal and State levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On July 2, 2020, the U.S. Department of the Treasury announced that American Airlines, Frontier Airlines, Hawaiian Airlines, SkyWest Airlines, and Spirit Airlines have signed letters of intent setting out the terms on which a loan would be extended under the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The CARES Act authorizes the Treasury Department to make loans to eligible businesses for losses incurred as a result of the COVID-19 pandemic. For more information, click here.
  • On July 1, 2020, the U.S. Department of the Treasury announced that it intends to make a $700 million loan to YRC Worldwide Inc. (YRC), and that it had reached an agreement with YRC on June 30, 2020, to receive a 29.6% equity stake in the company in connection with the CARES Act loan. For more information, click here.
  • On July 1, 2020, the Federal Deposit Insurance Corporation and the Federal Reserve Board provided information to the eight largest and most complex banking organizations that will guide their next resolution plans, which are due by July 1, 2021. Each resolution plan must describe the firm’s strategy for rapid and orderly bankruptcy proceedings in the event of material financial distress or failure of the firm. Additionally, resolution plans will be required to include core elements, such as capital, liquidity, and recapitalization strategies, as well as how each banking organization has integrated changes to and lessons learned from its response to the COVID-19 emergency. For more information, click here.
  • On July 1, 2020, the Federal Reserve Board released proposed term sheets to expand the Main Street Lending Program to nonprofit entities that were in sound financial condition before the onset of the COVID-19 pandemic. Loans under the Nonprofit Organization New Loan Facility start at $250,000 and are capped at the lesser of $35 million or the nonprofit’s average 2019 quarterly revenue. Loans under the Nonprofit Organization Expanded Loan Facility start at $10 million and are capped at the lesser of $300 million or the nonprofit’s average 2019 quarterly revenue. Under both facilities, the loans have a term of five years, with principal payments deferred for the first two years and interest payments deferred for the first year of the loan. For more information, click here.
  • On July 1, 2020, the Federal Trade Commission (FTC) released data showing that since the beginning of the COVID-19 pandemic, consumers have complained to the FTC in record numbers about problems related to online shopping. The FTC’s latest Consumer Protection Data Spotlight shows that in April and May of 2020, the FTC received more than 34,000 complaints from consumers related to online shopping. More than 18,000 of those complaints related to items that were ordered but never delivered. The most common items reportedly not delivered were facemasks, with other reports including sanitizer, toilet paper, thermometers, and gloves as not received. The FTC directs consumers and businesses to their online portal to learn how to avoid such online scams; also, check out the FTC’s blog post to learn more. To read the full announcement, click here.
  • On July 1, 2020, the FTC released the final agenda for a July 13, 2020, virtual workshop that will seek input on proposed changes to the Gramm-Leach-Bliley Act’s Safeguards Rule, which requires financial institutions to develop, implement, and maintain a comprehensive information security program. For information, click here.
  • On June 29, 2020, the Department of the Treasury and Internal Revenue Service encouraged taxpayers to file their taxes by July 15, or to file for an automatic extension of time to October 15. Due to COVID-19, the original tax filing and payment deadline for 2019 was postponed from April 15 to July 15. For more information, click here.

State Activities:

  • On June 29, 2020, Colorado Governor Jared Polis signed a new bill that will limit certain debt collection actions until November 1, 2020, in an effort to support consumers that experienced a COVID-19 financial hardship. This bill, effective immediately, impacts all bank levies and some garnishments. For more information, click here.
  • On June 30, 2020, Nevada Governor Steve Sisolak lifted the state’s temporary “stay” on garnishments, effective on June 30 at 11:59 p.m. In its initial emergency directives, Nevada included collection agencies in the non-essential business categories. For more information, click here.
  • On June 26, 2020, California’s State Senate approved a bill that would mandate the licensing of debt collectors and collection agencies operating within the state. The bill would also prohibit certain collection practices, such as placing a telephone call without disclosing the caller’s identity, expensing long-distance telephone calls, and using obscene or profane language. For more information, click here.

Privacy and Cybersecurity Activities:

  • On July 2, 2020, the Federal Trade Commission (“FTC”) released the agenda for its annual PrivacyCon event, which would take place online due to the ongoing COVID-19 pandemic. The FTC also announced the event would focus on the “privacy of health data collected, stored, and transmitted by mobile applications[.]” PrivacyCon will be organized into six sessions:
    • Session 1: Health Apps;
    • Session 2: Bias in AI Algorithms;
    • Session 3: The Internet of Things;
    • Session 4: Specific Technologies: Camera/Smart Speakers/Apps;
    • Session 5: International Privacy; and
    • Session 6: Miscellaneous Privacy/Security.

To view the full agenda, click here. For those interested in attending this year’s PrivacyCon, click here.

  • On July 1, 2020, the California Attorney General Xavier Becerra issued a statement on the first day of enforcing the California Consumer Privacy Act (CCPA)–despite calls by businesses to delay enforcement due to the COVID-19 pandemic. Attorney General Becerra encouraged every Californian “to know their rights to internet privacy and every business to know its responsibilities.” This statement coincides with the announcement made the day prior: reminding Californians of their rights under the CCPA, discussing how consumers may exercise their CCPA rights, and highlighting the businesses that may be subject to these new requirements. Also, check out Troutman Pepper’s post discussing the CCPA’s enforcement by clicking here.
  • On June 30, 2020, the FTC announced, after settling with alleged scammers, that it was sending full refunds to people who lost money to a spam email scheme that aimed to “lure consumers into buying work-from-home services.” Following the settlement, the FTC released guidance, including a video, to help the public identify future scams related to work-at-home services. To read the full June 30 announcement, click here.

  • On June 30, 2020, the FTC reminded the public to be aware of scammers pretending to be government officials and claiming to make COVID-19 payments. The FTC warns the public that the FTC will “never contact you by phone, email, text message, or social media to ask for your financial information.” To read the full announcement, click here.

On June 16, 2020, the Consumer Financial Protection Bureau (“CFPB”) issued a seven-page FAQ memorandum addressing some of the most critical questions for compliance with the new consumer reporting requirements of the “CARES Act”. In sum, this Compliance Aid:

  • Addresses the specific credit reporting requirements of the CARES Act, including considerations for furnishers when reporting consumers as “current” on open accounts;
  • Clarifies that reporting that a consumer is affected by a natural or declared disaster is not a substitute for complying with the CARES Act consumer reporting requirements. The CFPB explains that using these codes, without other changes to the reporting, does not constitute compliance with the CARES Act; and
  • Addresses the CFPB’s guidance that provides temporary and targeted flexibility in the event consumer reporting agencies (“CRAs”) or the furnisher experience challenges as a result of the pandemic in investigating consumer disputes within the statutory timeframes. The CFPB made clear that it expects CRAs and furnishers to make good faith efforts to investigate disputes as quickly as possible.

Background

On March 27, 2020, President Trump signed the CARES Act, which recognized the extraordinary circumstances caused by the global COVID-19 pandemic and the potential impact on the financial well-being of consumers, as well as the operations of consumer lenders and other supervised entities. The CFPB then issued a policy statement on April 1, 2020 to “highlight furnishers’ responsibilities under the CARES Act and inform consumer reporting agencies and furnishers of the Bureau’s flexible supervisory and enforcement approach during this pandemic regarding compliance with the Fair Credit Reporting Act (“FCRA”) and Regulation V.” While the statement was a “non-binding general statement of policy” and not intended to create new obligations beyond the FCRA and the CARES Act, it emphasized that the CFPB intended to consider the circumstances entities faced as a result of the pandemic when taking regulatory action.

That policy statement provided two examples of the CFPB’s “flexible” approach. First, in regard to payment accommodations provided by furnishers to consumers affected by COVID-19, the CFPB encouraged furnishers to work with borrowers and consumers to provide payment relief, noted the requirement to report consumers who were current before the accommodations and who adhere to those accommodations as current despite those accommodations, and stated that “it does not intend to cite in examinations or take enforcement actions against those who furnish information to consumer reporting agencies that accurately reflects the payment relief measures they are employing.”

Second, with respect to the 30-day timing of dispute investigations by CRAs and furnishers, the CFPB noted that it will consider the individual circumstances of each CRA or furnisher in determining compliance, particularly for smaller or less sophisticated lenders, thereby insinuating a less-than-strict approach to the 30-day reinvestigation deadline.

The CFPB’s policy statement was met with criticism, including from consumer advocates as well as state attorneys general, as we previously discussed here. The CFPB likely issued the FAQs in response to some of these criticisms and, more importantly, to provide clarity on its compliance and enforcement positions moving forward.

Highlights and Takeaways from the FAQs

The FAQs are presented as one of the CFPB’s “Compliance Aids” (the CFPB’s approach on these guidance documents can be found here). Below are the highlights of the FAQs:

  • FAQ 1: This summarizes the CFPB’s April 1, 2020 policy statement and makes clear that the CFPB “expects furnishers and consumer reporting agencies to make good faith efforts to investigate disputes as quickly as possible, and that absent impediments due to COVID-19, disputes should be resolved under FCRA requirements.”
  • FAQ 2: This deals with the CARES Act requirement that furnishers report as current certain accounts for consumers affected by the COVID-19 pandemic. The CFPB reiterated its individualized approach to enforcement of this requirement, but also made clear it will “not hesitate to take public enforcement action when appropriate against companies or individuals that violate the FCRA or any other law under its jurisdiction.” The agency emphasized in its response that credit reporting accuracy and dispute handling are focuses of the CFPB in its efforts to protect consumers during the COVID-19 pandemic.
  • FAQ 3: This concerns the FCRA’s 30-day reinvestigation requirement and the CFPB’s position on supervision/enforcement of that deadline during the pandemic. The CFPB made clear that, even in providing some flexibility, it will not give CRAs and furnishers “unlimited time”; they must act in “good faith” and conduct “reasonable investigations of consumer disputes” despite the pandemic challenges. The CFPB appeared to focus on smaller CRAs and furnishers that may face “unique challenges” during the pandemic as entities most likely to receive less stringent supervision and enforcement.
  • FAQ 4: This defines an “accommodation” under the CARES Act, which can include “agreements to defer one or more payments, make a partial payment, forbear any delinquent amounts, or modify a loan or contract.” The answer notes that an accommodation includes assistance that is granted voluntarily as well as an accommodation that is required under statute or regulation.
  • FAQ 5: This clarifies the two types of loans that require accommodations under the CARES Act: (1) Federally-backed mortgage loans whose borrower suffers a financial hardship because of the COVID-19 emergency; and (2) Federally-held student loans, which received an automatic suspension of principal and interest payments through September 30, 2020.
  • FAQ 6: This details the consumer reporting obligations of furnishers who provide an accommodation to a consumer.
    • First, if the credit obligation or account was current before the accommodation, and the consumer makes payments as required under the accommodation (or is not required to make payments under the accommodation) during the time period of the accommodation, the furnisher must continue to report the credit obligation or account as current.
    • Second, if the credit obligation or account was delinquent before the accommodation, then during the accommodation the furnisher cannot advance the delinquent status. The CFPB gives the example of an account where the consumer was 30 days past due at the time of the accommodation and notes that the furnisher must not report the account as 60 days past due during the accommodation. Furnishers also must report an account as current if the consumer makes payments to bring it current during the accommodation. For further detail on payment suspensions and furnishing information about Federally held student loans, the CFPB directed readers back to the language in the CARES Act.
  • FAQ 7: This reminds furnishers of their obligation to understand and review all data fields (e.g., payment status, scheduled monthly payments, amount past due) and update their credit reporting appropriately if an account is deemed current pursuant to the CARES Act. The CFPB emphasized that this was part of furnishers’ FCRA obligations related to the accuracy and integrity of the information they furnish.
  • FAQ 8: This makes clear that a furnisher is not in compliance with the CARES Act if it only uses a special comment code indicating that an account is impacted by a disaster or that the consumer’s account is in forbearance. The CFPB emphasized that the furnisher must also take the steps detailed in the above FAQs to ensure that the account is either being reported as current, if it was current prior to the accommodation, or not to advance the level of delinquency, for accounts that were delinquent before the accommodation.
  • FAQ 9: This addresses the reporting of multiple consumer accounts as in forbearance because of a COVID-19 accommodation. The CFPB counsels against placing all accounts for a particular individual in a forbearance status if forbearance has not been requested (or is not relevant to) a specific account.
  • FAQ 10: This concerns furnisher reporting after a CARES Act accommodation ends. The CFPB instructs furnishers to essentially disregard the time period during which the accommodation is pending from a delinquency perspective. If the consumer was current before the accommodation, the account must be placed in current status after the accommodation. And furnishers cannot consider the accommodation time period to advance the delinquency of a consumer.

Additional CARES Act and COVID-19 Resources

Troutman Sanders has previously posted updates on CARES Act compliance in the consumer financial services arena, including on its blog. Specific articles can be found here, here, here, and here.

Troutman Sanders and Pepper Hamilton have developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

The CFPB offers additional resources to help industry comply with credit reporting requirements, as well as provide consumers with up-to-date information and resources to protect and manage their finances during this difficult time. Its COVID-19 resource page can be found here.

There is no shortage of legislation to address the coronavirus (“COVID-19”) pandemic and the emerging contact tracing applications. In late April 2020, Republican senators introduced a bill called the COVID-19 Consumer Data Protection Act that aims to provide consumers more transparency, choice, and control over information collected in connection with COVID-19. Then, in May, Democrats introduced the Public Health Emergency Privacy Act to protect personal information collected in connection with COVID-19. Now, as of June 1, a bipartisan bill—the Exposure Notification Privacy Act (“ENPA”)—is pending in the Senate and aimed at regulating contact tracing apps utilized for disease tracing broadly.

The complete text of the ENPA is accessible here. In a press release describing the ENPA to the public, Senator Maria Cantwell (D-Wash.) said that the “bipartisan bill gives Americans control over their data [and] puts public health officials in the driver’s seat of exposure notification development[.]” Sen. Cantwell introduced the bill with Sen. Bill Cassidy (R-La.), and the bill is co-sponsored by Sen. Amy Klobuchar (D-Minn.).

Key Aspects of the ENPA

The ENPA primarily applies to operators of “automated exposure notification services,” or apps that will automatically notify users when they have been exposed to someone who has tested positive for COVID-19. Like many emerging data privacy laws, the ENPA focuses on expanded consumer rights (e.g., deletion rights, use limitations, data transfer, and service provider restrictions), increased transparency, data minimization, ensuring adequate safeguards to protect covered information, and breach notification requirements.

With respect to increased transparency, the bill requires operators to have a public facing privacy policy that is drafted with easy to understand language that includes, among other things:

  • contact information for the company;
  • categories of data collected and limitations of allowable processing;
  • data transfer practices and the justification for such transfers;
  • description of data minimization practices and retention policies;
  • description of the security practices; and
  • methods for individuals to exercise any of their rights, including consent revocation.

Additionally, the ENPA would require operators to acquire express (opt-in) user consent. The opt-in must be clear and conspicuous, using plain language and prominent headings; it must also be separate from other options or general terms and conditions, and it must include a description of each act or practice for which consent is sought.

Furthermore, the bill makes clear that violations of the ENPA—including deceptive or misleading statements in the privacy policy—will be treated as unfair or deceptive practices under Section 5 of the Federal Trade Commission Act (“FTC Act”).

Enforcement under the ENPA

Section 5 enforcement under the FTC Act typically is carried out by the Federal Trade Commission using a consent decree. Under the ENPA, the FTC is expressly given the power to enforce the law; however, it is not limited to consent decrees and, instead, is given the authority to commence independent litigation. Additionally, the chief law enforcement officer of a state, including any official or agency designated by state law, will have authority to bring an action in the respective state, subject to providing prior written notice to the FTC so that the FTC may have the option to intervene. The bill specifically empowers state attorneys general “to bring a civil action in State or Federal district court to enforce [the ENPA]. Available remedies include injunctive relief, civil penalties, and other monetary relief.”

Key Considerations

It remains to be seen whether the ENPA will garner enough support to be enacted, but its bipartisan support may give it stronger legs to stand on than the prior two bills aimed at contact tracing app developers. In the meantime, here are some privacy guidelines for developers to consider:

  • Any entity that currently is providing services in connection with a contact tracing app should follow these developing laws closely as they will affect requirements of not only the provider themselves, but also the contracts between such entities and subsequent service providers.
  • In addition to the current proposed laws regarding contact tracing apps, developers should look to the Fair Information Practice Principles to implement privacy by design when engineering COVID-19-related apps. For more information about existing privacy guidelines for COVID-19-related apps, read our primer on Law360.
  • Developers should carefully review how consumer consent is being obtained (if at all) and whether consumers have the means to revoke such consent, if desired. For example, consent by means of a “pre-ticked” box, thereby requiring no clear affirmative action from users to indicate agreement to process their personal information, likely should be avoided.
  • Statements within the privacy policy must be carefully reviewed to ensure that they accurately depict the current practices of the company. The heightened enforcement rights of the FTC and state enforcing officers, particularly attorneys general, during this climate of increased concerns with respect to data practices, make this an area ripe for enforcement if the law is passed.

For regular updates regarding the impact of COVID-19 and responses thereto, visit the Troutman Sanders/Pepper Hamilton COVID-19 Resource Center.

On June 3, the United States Court of Appeals for the Ninth Circuit held that consent from the intended recipient of calls does not absolve an entity of liability under the Telephone Consumer Protection Act if the entity did not have the consent of the party actually called. This decision aligns with decisions from the Seventh and Eleventh circuits holding that consent of the intended recipient is not sufficient.

In N.L. v. Credit One Bank, plaintiff, through his guardian, brought a claim for violation of the TCPA against Credit One based on allegations that Credit One did not have his prior express consent to contact him using an automatic telephone dialing system. The facts showed that Credit One called plaintiff, an eleven-year-old boy, 189 times over a four-month period trying to collect on a past due debt of a Credit One customer. However, Credit One was unaware that its customer’s phone number had been reassigned to plaintiff. The district court case was tried and the judge instructed the jury that “[t]he law requires the consent of the current subscriber of the called phone, in this case [plaintiff’s mother], or the consent of the nonsubscriber, customary user of the called phone, in this case, [plaintiff].” Ultimately, the jury returned a verdict for plaintiff, finding that each of the 189 calls violated the TCPA.

On appeal, Credit One argued that it should not be liable to plaintiff “because the party it intended to call (its customer) had given consent to be called, even though the party it actually called had not.” In support of its argument, Credit One relied on the statutory purposes of the TCPA and the policy implications of holding liable companies that unknowingly call reassigned numbers. The Court did not find these arguments persuasive.

The Court’s analysis focuses on the natural language of the TCPA. The TCPA provides that it is “unlawful for any person . . . to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or artificial or prerecorded voice.”

First, the Court highlights that “intended recipient” is not found anywhere in the text of Section 227. The Court then goes on to analyze the use of “called party” throughout Section 227. It notes that “the ‘call’ that is ‘made’ is the call that is received, for it is this received call that provides the basis for the private cause of action and thus civil liability.” The Court notes that it would be odd if the exemption for calls made “with the prior express consent of the called party” refers to a “third person external to the potentially actionable communication,” i.e., the intended recipient.

Moving through Section 227, the Court highlights that 47 U.S.C. § 227(b)(1)(A)(iii) extends the prohibitions of Section 227(b)(A) to “any service for which the called party is charged for the call.” Reviewing this section, the Court notes that an intended recipient would never be charged for a call. Thus, it does not follow that “called party” means intended recipient. The Court also looked at Section 227(b)(2) which directs the FCC to prescribe regulations to implement the TCPA. Section 227(b)(2)(C) allows the FCC “to exempt from liability certain calls ‘that are not charged to the called party.’” Again, the Court emphasizes that a charge would only flow to the individual called, not the intended recipient.

Finally, the Court rejected Credit One’s argument that the FCC’s order creating a one-call safe harbor – which was later vacated by ACA International v. FCC – and the 2018 order approving the creation of a reassigned number database and accompanying safe harbor support a finding that called party should be interpreted to mean intended recipient. The Court found that the FCC orders weigh against a finding that called party means intended recipient because “[i]f a caller’s intent could defeat liability, the safe harbors would be unnecessary.”

This decision signifies another hurdle for TCPA defendants and highlights the need for the comprehensive database detailed in the 2018 FCC order.

In what can only be construed as a strong signal that state attorneys general are looking to focus their efforts on illegal robocalls, a letter signed by every state attorney general and the attorneys general of American Samoa and Puerto Rico was sent to USTelecom, a trade association that represents the interests of the telecom industry, outlining initiatives to identify the sources of illegal robocalls discussed at a meeting earlier this year between the Executive Committee of the Robocall Technologies Working Group for the National Association of Attorneys General and USTelecom. Importantly, USTelecom includes many of the country’s leading telecom providers and participates in the Industry Traceback Group (“ITG”).

The ITG plays an important role in identifying the sources of illegal robocalls. The letter stated that the “partnership between the ITG and the state attorneys general is a crucial one” in the quest to crack down on illegal robocallers. The letter further encouraged the ITG to expand its capabilities related to tracebacks and said that the state attorneys general “contemplate increases in [their] issuances of subpoenas or civil investigative demands directly to the ITG.”

The priorities for the expansion of the ITG’s capabilities included:

  1. Utilizing a wider variety of call data sources to both diversify and aggregate as much pertinent robocall data as possible;
  2. Analyzing such data to identify past, current, and future illegal robocall campaigns and trends and to better understand the interconnected ecosystem of businesses facilitating illegal robocallers;
  3. Automating traceback investigations and increasing the total volume of such investigations;
  4. Alerting relevant law enforcement agencies, including state attorneys general, of suspected illegal robocall campaigns with sufficient information to trigger investigations;
  5. Enabling law enforcement agencies to upload and receive responses to subpoenas and civil investigative demands electronically;
  6. Providing swift and comprehensive compliance with such subpoenas and civil investigative demands electronically; and
  7. Identifying non-cooperative voice service providers (VSPs), such as those that do not participate in the traceback process, repeatedly originate or accept illegal robocalls, regularly are the domestic point of entry for illegal robocalls originating outside the United States, and repeatedly are incapable of providing sufficient records.

The A.G.s believe implementing these priorities, “in conjunction with the steps taken by the state attorneys general and our federal counterparts will further our collective goal of combating unwanted and illegal robocalls.”

The letter is clear that the A.G.s have noticed considerable growth in the amount of illegal robocalls targeting the American people and now are taking meaningful steps to bolster “its enforcement efforts against illegal robocallers and other related bad actors.” Indeed, the timing of the letter from the state A.G.s to USTelecom is more than salient—it is a tip-off that state A.G.s are gearing up to bring enforcement actions at a time when they have seen states’ budgets decimated and have been laser-focused on issues like price-gouging and scams related to the coronavirus (“COVID-19”) pandemic. While the illegal robocalls have been a thorn in everyone’s side for a while, state A.G.s now are laying the foundation for future enforcement actions with their encouragement of carriers to gather a wider variety of call data and to analyze such data to pinpoint illegal robocall campaigns.

One interesting factor, however, about this tactic by the state A.G.s is that, while the propagators of illegal robocalls who are eventually identified will feel the force of actions brought by the A.G.s, the telecom providers like the ones represented by USTelecom arguably may be made to bear the enforcement burden in the interim by being asked to expend effort to collect more data, to alert law enforcement, like state A.G.s, of suspected illegal robocall campaigns with sufficient information to trigger investigations, and to make it easier for law enforcement agencies to furnish telecom providers with subpoenas and civil investigative demands. Put differently, while the telecom providers may not be the targets of these investigations, they may be forgiven if they were to feel as though they were as a result of the state A.G.s’ wish list coming to fruition.

The upshot ultimately is, however, that targeting these illegal robocalls is a win-win scenario for state A.G.s—they get to tout going after something that everyone disdains while also leveraging enforcement actions to bring in funds to cash-strapped state budgets during a time when revenue is hard to come by due to COVID-19.

Given this, in the near future, state A.G.s are likely to exercise their authority to enforce state and federal privacy laws, including the Telephone Consumer Protection Act’s prohibition on placing telemarketing solicitation calls to consumers who were registered with the National Do Not Call Registry, and to continue laying the foundation by issuing subpoenas and CIDs to groups like the ITG to further the collection of information.