Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • New York settles with online retailer over data breach

    State Issues

    On June 6, the New York Attorney General announced a $65,000 settlement with an online retailer resolving allegations that the company failed to provide notice of an online data breach to over 39,000 customers, including nearly 3,000 New Yorkers, for over three years. According to the announcement, unauthorized parties placed malicious code designed to steal credit card information in the company’s software in September 2014. The company discovered the code in November 2014, but did not remediate it until January 2015 (or February 2015, after the code was mistakenly reintroduced and permanently deleted).  The Attorney General alleges that the company did not notify its affected customers until May 2018, and that, because the company did not notify New York authorities or its affected customers “in an expedient time-period, and without unreasonable delay,” it violated New York’s General Business Law § 899-aa.

    The company offered potentially affected customers two years of free credit monitoring, fraud consultation, and identity theft restoration services, which is not required by law. In addition to the penalty, the settlement requires the company to conduct trainings for appropriate employees and conduct thorough investigations of any future data security breaches involving private information to ensure compliance with state law.

    State Issues State Attorney General Privacy/Cyber Risk & Data Security Settlement Credit Cards

    Share page with AddThis
  • Nevada authorizes pilot program for marijuana banking

    State Issues

    On June 5, the Nevada governor signed AB 466, requiring the State Treasurer to create a pilot program, authorized to operate from October 1, 2019 through June 30, 2023, for the establishment of one or more closed-loop payment processing systems that enable certain persons to engage in financial transactions relating to marijuana.

    The closed-loop payment processing system established under the pilot program must be designed to, among other things: (i) provide marijuana establishments and medical marijuana establishments a safe, secure and convenient method of paying state and local taxes; (ii) prevent revenue from the sale of marijuana from going to criminal enterprises, gangs and drug cartels, and; (iii) prevent lawful financial transactions relating to marijuana from being used as a cover or pretext for unlawful activities. The bill requires the State Treasurer to adopt regulations to carry out the pilot program and requires that the State Treasurer submit a report concerning the pilot program on or before December 1, 2020, and every 6 months thereafter.

    State Issues State Legislation State Regulators Medical Marijuana

    Share page with AddThis
  • Maine enacts consumer privacy law for internet service providers

    State Issues

    On June 6, the Maine governor signed S.P. 275/L.D. 946, which requires certain broadband Internet access services to receive express, affirmative consent from a customer before disclosing, selling, or permitting access to a customer’s personal information. Among other things, the provisions stipulate that a customer may revoke his or her consent at any time, and forbid providers from refusing service or charging a penalty or offering a discount based on the customer’s decision to provide or not provide consent. Furthermore, providers must include a “clear, conspicuous and nondeceptive notice at the point of sale,” as well as on the provider’s public website, concerning the provider’s obligations and the customer’s rights. Requirements for safeguarding customers’ personal information are also outlined. The Act applies only to providers operating in Maine that provide Internet access service to customers that are physically located and billed for services received in Maine.  The new law will take effect July 1, 2020.

    State Issues State Legislation Privacy/Cyber Risk & Data Security Consumer Protection

    Share page with AddThis
  • Oregon enacts new vendor data breach notification requirements

    State Issues

    On May 24, the Oregon Governor signed SB 684, which amends the state’s data breach notification provisions related to third-party vendors. Among other provisions, the amendments require vendors that are contracted to maintain or access personal information on behalf of a covered entity to (i) notify the covered entity “as soon as is practicable but not later than 10 days” after discovering a security breach or believing a breach has occurred; and (ii) notify the state Attorney General if a security breach involves personal information of more than 250 consumers, or an undetermined amount of consumers, provided that the covered entity has not already done so. SB 684 also updates the definition of personal information to include usernames in combination with other authentication factors used to access a consumer’s account, and establishes that a covered entity or vendor may “affirmatively defend” against allegations it has not adequately safeguarded personal information by showing that it maintained reasonable security measures for protecting personal information in compliance with HIPAA or the Gramm-Leach-Bliley Act, as applicable. The amendments take effect January 1, 2020.

    State Issues State Legislation Data Breach Privacy/Cyber Risk & Data Security Third-Party

    Share page with AddThis
  • Maryland amends statute of limitations for UDAP actions against mortgage servicers

    State Issues

    On May 25, the Maryland governor signed HB 0425, which amends the state’s statute of limitations applicable to certain civil actions relating to unfair, abusive, or deceptive trade practices (UDAP) filed against a mortgage servicer. Specifically, the bill requires that an action filed by a homeowner alleging damages arising out of a UDAP violation shall be filed within the earlier of: (i) 5 years after a foreclosure sale of the residential property; or (ii) 3 years after the mortgage servicer discloses its UDAP violation to the homeowner. The bill is effective October 1.

    State Issues State Legislation UDAP Mortgage Servicing Mortgages Foreclosure

    Share page with AddThis
  • Oregon removes sunset on GAP waiver statutes

    State Issues

    On May 24, the Oregon governor signed SB 366, which repealed the sunset provision on statutes establishing the conditions under which creditors can offer guaranteed asset protection (GAP) waivers in connection with the sale of an automobile. Chapter 523, Oregon Laws 2015 allows creditors to offer GAP waivers to consumers outside of the regulation of the Insurance Code while specifying certain requirements for offering the waivers. Section 11 of Chapter 523, would have repealed these GAP waiver provisions on January 2, 2020. The bill repeals Section 11, allowing for the GAP waiver provisions to remain in effect. The bill is effective January 1, 2020.

    State Issues State Legislation GAP Waivers Auto Finance

    Share page with AddThis
  • Oregon requires consumers to repay title, payday loans before lender makes new loan

    State Issues

    On May 30, the Oregon Governor signed HB 2089, which, among other things, prohibits title loan and payday loan lenders from making a new loan to a consumer until seven days after the consumer has fully repaid a previous title loan or payday loan. In addition, lenders may not make or renew a title loan or payday loan with an interest rate exceeding 36 percent annually, excluding a one-time allowable origination fee. These amendments apply to loan contracts, including renewals, executed on or after January 1, 2020.

    State Issues State Legislation Consumer Lending Payday Lending

    Share page with AddThis
  • Nevada updates Military Lending Act provisions

    State Issues

    On May 28, the Nevada governor signed SB 201, which, among other things, updates existing Nevada law referring to the federal Military Lending Act (MLA). Specifically, the bill eliminates the current state law provisions that adopt the MLA by referring generally to the federal law and instead specifically adopts the language of certain MLA provisions for lending to a covered service member or a dependent of a covered service member. The bill thus includes language that (i) prohibits a lender from charging an annual percentage rate greater 36 percent; (ii) requires a lender to make certain disclosures before extending certain consumer credit; and (iii) prohibits certain additional loan terms in a transaction, such as a requirement that the loan be repaid by allotment. The bill also requires the Commissioner of Financial Institutions to adopt regulations to administer, carry out, and enforce the MLA provisions. The new provisions were effective on May 28 for the purpose of adopting any regulations and performing any other preparatory administrative tasks that are necessary to carry out the provisions of this act, and on October 1, 2019, for all other purposes.

    State Issues State Legislation Military Lending Military Lending Act

    Share page with AddThis
  • California announces $1.5 million in judgments against investment recovery telemarketing scheme

    State Issues

    On May 28, the California Attorney General announced approximately $1.5 million in judgments against a company and four individuals (defendants) charged with allegedly operating a telemarketing scheme that offered fake investment recovery services. According to the Attorney General’s office, the defendants allegedly made false and deceptive claims to investors, many of whom were elderly, that the company could recover money lost from previous investments for an up-front fee of several thousand dollars. The terms of the judgments include $930,800 in combined civil penalties and $567,774 in restitution, and permanently enjoin and restrain the defendants from, among other things, making false or misleading statements in connection with telemarketing transactions. The Attorney General’s announcement also disclosed the recovery of nearly $25,000 in victim restitution pursuant to a bond issued to the company under California’s Telephonic Sellers Law.

    State Issues State Attorney General Robocalls Courts

    Share page with AddThis
  • State AGs request automatic discharge of disabled veterans’ student loan debt

    State Issues

    On May 24, Attorneys General from 47 states, American territories, and Washington D.C., sent a letter to Secretary Betsy DeVos of the U.S. Department of Education (Department) to implement an automatic discharge process for the student loans of veterans who are totally and permanently disabled or otherwise unemployable (known as a “TPD discharge”). The letter asserts that while the Higher Education Opportunity Act of 2008 requires that the Department discharge the student loans of veterans who are totally and permanently disabled as a result of service, the Department requires eligible veterans to take “affirmative steps to secure the loan forgiveness,” which “may prove [to be] insurmountable obstacles to relief for many eligible veterans due to the severe nature of their disabilities.” According to the letter, the Department has identified over 42,000 veterans who are eligible for discharges and carry over $1 billion in dischargeable student loan debt, yet fewer than 9,000 of the eligible veterans had applied for the discharge as of April 2018. In response to the Department’s concerns about the veterans’ potential tax liability, the Attorneys General pointed out that federal tax law excludes loan discharges for disabled borrowers from taxable income. Even if the discharge increases their state tax bill, the Attorneys General argued that most borrowers would prefer to have their outstanding loans completely discharged, and those that do not could be given notice and an opportunity to opt out. Because there is no statutory requirement that eligible veterans apply for the TPD discharges, the Attorneys General urged the Department to implement a program to automatically discharge the outstanding loans as expeditiously as possible.

    State Issues Student Lending Military Lending Higher Education Act Department of Education

    Share page with AddThis

Pages

Upcoming Events