InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Illinois reissues and extends several Covid-19 executive orders
On February 5, the governor of Illinois issued Executive Order 2021-04, which extends several executive orders through March 6, 2021 (previously covered here, here, here, here, and here). Among other things, the order extends: (i) Executive Order 2020-07 regarding in-person meeting requirements, (ii) Executive Order 2020-23 regarding actions by individuals licensed by the Illinois Department of Financial and Professional Regulation engaged in disaster response, (iii) Executive Order 2020-25 regarding garnishment and wage deductions (previously covered here), (iv) Executive Order 2020-30 regarding residential evictions (previously covered here), and (v) Executive Order 2020-72 regarding the residential eviction moratorium (previously covered here and here).
Virginia legislature advances privacy bill
Recently, the Virginia Senate and House advanced identical bills (see SB 1392 and HB 2307), which would establish a framework for controlling and processing consumers’ personal data in the Commonwealth. Highlights of the bill include:
- Applicability. The bill will apply to “persons that conduct business in the Commonwealth or produce products or services that are targeted to residents of the Commonwealth and that (i) during a calendar year, control or process personal data of at least 100,000 consumers or (ii) control or process personal data of at least 25,000 consumers and derive over 50 percent of gross revenue from the sale of personal data.” Notably, financial institutions, data governed by federal regulations, nonprofit organizations, and certain protected health information are exempt from coverage.
- Consumers’ rights. Under the bill, consumers will be able to access their personal data; make corrections; request deletion of their data; obtain a copy of their data in a portable format; and opt out of targeted advertising, sale of their data, or “profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.”
- Controllers’ responsibilities. Data controllers under the bill will be responsible for (i) limiting the collection of data to what is required and reasonably necessary for a specified purpose; (ii) not processing data for reasons incompatible with the specified purpose; (iii) securing personal data from unauthorized access; (iv) not processing data in violation of state or federal anti-discrimination laws; (v) obtaining consumer consent in order to process sensitive data; (vi) ensuring contracts and agreements do not waive or limit consumers’ data rights; and (vii) providing clear and meaningful privacy notices.
- Data processing agreements/data protection assessments. The bill requires controllers to enter into data processing agreements with data processors that outline instructions for processing personal data and require the deletion or return of personal data once a service is concluded. Controllers must also conduct data protection assessments for all processing activities that involve targeted advertising, the sale of personal data, certain profiling activities, sensitive data, and any processing activities that present a heightened risk of harm to consumers.
- Private right of action and state attorney general enforcement. The bill explicitly prohibits a private right of action. Instead, it grants the state attorney general excusive authority to enforce the law and seek penalties of no more than $7,500 per violation. The attorney general may also recover reasonable expenses, including attorney fees, for any initiated action.
- Right to cure. Upon discovering a potential violation of the bill, the attorney general must give the data controller written notice. The data controller then has 30 days to cure the alleged violation before the attorney general can file suit.
The two bills next move to a reconciliation process, and if passed and signed into law, the bill will take effect January 1, 2023.
DFPI issues first enforcement action against student debt-relief company
On February 3, the California Department of Financial Protection and Innovation (DFPI) announced the first-ever enforcement action under its new structure against a student loan debt-relief company and an investigation into others. According to the order, DFPI alleges, among other things, that an Irvine-based debt-relief company violated the Telemarketing Sales Rule (TSR) and the California Consumer Financial Protection Law (CCFPL) by charging consumers fees ranging from $2,100 to $26,510 to “‘wipe away’ their student loans by getting them ‘dismissed’ or ‘discharged,’” which the company could not achieve. Moreover, consumers often financed the payment of the company’s fees, resulting in more debt and the company refused to issue refunds when requested by some consumers. DFPI alleges the company’s actions constitute unlawful and deceptive practices under the CCFPL and violated the TSR’s prohibition of charging fees before performing services. Lastly, DFPI alleges the company was required to obtain a license under the state’s Student Loan Servicing Act (SLSA) because its actions constitute “servicing” student loans under the statute. The order requires the company to refund the fees collected from 18 consumers by March 15 and to pay a civil penalty of $45,000.
DFPI also announced it issued subpoenas to four other student loan debt-relief companies to determine whether the companies engage in or have engaged in any unlawful, unfair, deceptive, or abusive acts or practices and whether their activities require a license. Responses to the subpoenas are due in March.
New York continues to postpone collection on certain debts
On February 1, the attorney general of New York announced an extension of its previous order to halt the collection efforts on certain debts through February 28, 2021. Consumers with student loan debt and medical debt owed to the state will receive an additional 28-day hiatus on payments including a freeze on the accrual of interest on the debts—in order to allow them to deal with the effects of Covid-19. Specifically, the moratorium on collection applies to: (i) “[p]atients that owe medical debt due to the five state hospitals and the five state veterans' home[s]”; (ii) “[s]tudents that owe student debt due to State University of New York (SUNY) campuses”; and (iii) “[i]ndividual debtors, sole-proprietors, small business owners, and certain homeowners that owe debt relating to oil spill cleanup and removal costs, property damage, and breach of contract, as well as other fees owed to state agencies.” New Yorkers who have other types of debt that are owed to the state and who are referred to the Office of the Attorney General may apply for a temporary freeze on collection by submitting an application which can be found here.
Illinois regulator releases educational one pager on Covid-19 relief
In January, the Illinois Department of Financial and Professional Regulation issued a one-pager setting forth eviction, mortgage, and student loan information for consumers. The flyer addresses the eviction moratorium, forbearance of mortgage payments, and student loan borrower relief.
Washington Department of Financial Institutions once again extends “work from home” guidance
On January 29, the Washington Department of Financial Institutions issued interim regulatory guidance to licensed mortgage loan originators and companies that sponsor them relating to temporary remote work. The guidance extends earlier interim guidance (previously covered here, here, here, and here) permitting mortgage loan originators to work from home, provided certain data security obligations are met. The guidance extends through December 31, 2021.
Colorado amends and extends executive order setting forth tenant protections
On January 29 , the Colorado governor issued Executive Order 2021-029 amending and extending Executive Order 2020-307, which set forth certain tenant protections. Executive Order 2020-307 prohibits a landlord, mobile home park owner, property management entity, and others from charging a fee or penalty against a tenant or mobile home owner for failure to timely pay rent. Executive Order 2021-029 extends the moratorium on late fees until 30 days after January 29, 2021, unless extended further by executive order.
California governor signs legislation extending tenant protections
On January 29, the California governor signed SB 91, which provides relief to tenants and small property owners, and extends the eviction moratorium established under AB 3088 (previously discussed here), which is set to expire at the end of January. Among other things, under SB 91, a housing provider and similar entities are prohibited from using an alleged Covid-19 rental debt as a negative factor for evaluating a prospective housing application. In addition, the bill would prohibit a person from selling or assigning unpaid rental debt or charging or increasing fees related to late payment of Covid-19 rent. The bill also extends other eviction protections to July 1, 2021.
Washington Department of Financial Institutions once again extends “work from home” guidance
On January 29, the Washington Department of Financial Institutions issued interim regulatory guidance to licensed mortgage loan originators and companies that sponsor them relating to temporary remote work. The guidance extends earlier interim guidance (previously covered here, here, here, and here) permitting mortgage loan originators to work from home, provided certain data security obligations are met. The guidance extends through December 31, 2021.
DFPI signs MOUs with EWA companies
On January 27, California’s Department of Financial Protection and Innovation (DFPI) announced that it entered into memorandums of understanding (MOUs) with five earned wage access (EWA) companies. According to DFPI, the MOUs represent the first agreements of their kind between fintechs and a state regulator, and are intended to “pave a path so [EWA] companies can continue operating in California, in advance of possible registration under the California Consumer Financial Protection Law [CCFPL], which took effect this year and defines the companies as newly covered financial services.” (Buckley Special Alert coverage on the CCFPL available here.) The five EWA companies represent two advance pay models: “an employer-based model which offers early access to wages in partnership with an employer as a benefit and a direct-to-consumer model which does not require employer participation.”
Under the terms of the MOUs, the companies have agreed to deliver quarterly reports providing DFPI with a better understanding of their products and services, as well as the risks and benefits to consumers in the state. Reports will include information concerning “changes to consumer contracts, fees to consumers, consumer complaints, the average number of advances per month, duration before consumer payback, and the number of consumers making no repayment, partial repayments, or requesting cancellations or deferrals, among other stipulations.” The companies have also agreed to regular periodic DFPI examinations and are required to follow industry best practices, including by, among other things, (i) not offering any financial products that are “contingent on any tips the consumer chooses to make or does not make”; (ii) complying with TILA by limiting annual percentage rates on advanced funds to 36 percent; (iii) disclosing to consumers any potential fees that may be assessed prior to advancing the funds; (iv) limiting the amount of funds advanced to a consumer to no more than 50 percent of the consumer’s next paycheck; and (v) allowing consumers to revoke EFT authorization up to three days before a scheduled repayment date.
As previously covered by InfoBytes, last November the CFPB issued an advisory opinion on EWA products, which clarified that “a Covered EWA Program does not involve the offering or extension of ‘credit’” under Regulation Z, which implements TILA. The Bureau noted that the “totality of circumstances of a Covered EWA Program supports that these programs differ in kind from products the Bureau would generally consider to be credit.”