InfoBytes Blog

Financial Services Law Insights and Observations

  • California caps rate on installment loans

    State Issues

    On October 10, the California governor signed AB 539, known as the “Fair Access to Credit Act,” which amends the California Financing Law (CFL) to limit the rate of interest on certain installment loans. Specifically, for installment loans with a principal amount between $2,500 and $10,000, lenders are prohibited from charging an annual simple interest rate exceeding 36 percent plus the federal funds rate, excluding an administrative fee (not to exceed $50). Moreover, for loans between $2,500 and $10,000, the bill establishes a minimum 12-month loan term. Among other things, the bill also (i) requires lenders to report each borrower’s payment performance of these installment loans to at least one national credit reporting agency; (ii) requires lenders to offer a credit education program or seminar approved by the Commissioner of Business Oversight before disbursing the proceeds to the borrower; and (iii) prohibits lenders from charging or receiving any penalty for prepayment for loans made pursuant to the CFL that are not secured by real property. The bill is effective January 1, 2020.

    State Issues State Legislation Usury Interest Rate Installment Loans

  • California governor signs CCPA amendments

    State Issues

    On October 11, the California governor signed several amendments to the California Consumer Privacy Act (CCPA) and other privacy-related bills. As previously covered by a Buckley Special Alert, AB 874, AB 1355, AB 1146, AB 25, and AB 1564 leave the majority of the consumer’s rights intact in the CCPA and clarify certain provisions—including the definition of “personal information.” Other exemptions were added or clarified regarding the collection of certain data that have a bearing on financial services companies. Notable revisions to the CCPA include the (i) “personal information” definition; (ii) FCRA exemption; (iii) employee exemption; (iv) business individual exemption; (v) verification and delivery requirements; (vi) privacy policy and training requirements; (vii) collection of information; and (viii) vehicle/ownership information exemption. The various amendments are effective on January 1, 2020, the same day the CCPA becomes effective.

    Additionally, on October 10, the California attorney general released the highly anticipated proposed regulations implementing the CCPA. See the Buckley Special Alert for details of the proposed regulations.

    State Issues Privacy/Cyber Risk & Data Security State Legislation State Attorney General FCRA State Regulation CCPA

  • California: Mortgage debt now included under Rosenthal Fair Debt Collection Practices Act

    State Issues

    On October 7, California’s governor signed SB 187, which amends the state’s Rosenthal Fair Debt Collection Practices Act and provides that consumer debt under the act now includes mortgage debt. SB 187 also removes the exception for an attorney or counselor at law from the definition of debt collector, and makes other nonsubstantive changes. The amendments take effect January 1, 2020.

    State Issues State Legislation Debt Collection Mortgages

  • California attorney general releases proposed CCPA regulations

    Privacy, Cyber Risk & Data Security

    On October 10, the California attorney general released the highly anticipated proposed regulations implementing the California Consumer Privacy Act (CCPA). The CCPA—which was enacted in June 2018 (covered by a Buckley Special Alert), amended in September 2018, amended again in October 2019 (pending Governor Gavin Newsom’s signature), and is currently set to take effect on January 1, 2020 (InfoBytes coverage on the amendments available here and here)—directed the California attorney general to issue regulations to further the law’s purpose. The proposed regulations address a variety of topics related to the law, including:

    • How a business should provide disclosures required by the CCPA, such as the notice at collection of personal information, the notice of financial incentive, the privacy policy, and the opt-out notice;
    • The handling of consumer requests made under the CCPA, such as requests to know, requests to delete, and requests to opt-out;
    • Service provider classification and obligations;
    • The process for verifying consumer requests;
    • Training and recordkeeping requirements; and
    • Special requirements related to minors.

    The California attorney general will hold four public hearings between December 2 and December 5 on the proposed regulations. Written comments are due by December 6.

    Notably, the Notice of Proposed Rulemaking states that “the adoption of these regulations may have a significant, statewide adverse economic impact directly affecting business, including the ability of California businesses to compete with businesses in other states” and requests that the public consider, among other things, different compliance requirements depending on a business’s resources or potential exemptions from the regulatory requirements for businesses when submitting comments on the proposal.   

    Buckley will follow up with a more detailed summary of the proposed regulations soon.

    Privacy/Cyber Risk & Data Security State Issues State Attorney General CCPA State Legislation Agency Rule-Making & Guidance

  • California cities allowed to form public banks

    State Issues

    On October 2, the California governor signed AB 857 to authorize the creation of “public banks” in the state to support local economies, community development, and address infrastructure and housing needs for localities. Under AB 857, public banks are defined as “a corporation, organized as either a nonprofit mutual benefit corporation or a nonprofit public benefit corporation for the purpose of engaging in the commercial banking business or industrial banking business, that is wholly owned by a local agency, as specified, local agencies, or a joint powers authority.”

    Among other things, cities that submit applications to the California Department of Business Oversight (DBO) to obtain a certificate of authorization will be required to provide a viability study, as well as comply with “[a]ll provisions of law applicable to nonprofit corporations” and obtain deposit insurance through the FDIC. AB 857 also requires “a local agency that is not a charter city to obtain voter approval of a motion to submit an application to the [DBO].” The number of new public bank licenses the DBO is authorized to approve is limited to two per calendar year, with no more than 10 public banks operating at any time. In addition, public banks may only offer products to retail customers through partnerships with existing financial institutions, and are barred from competing with local financial institutions. AB 857 expires seven years after regulations under this law are promulgated.

    State Issues State Legislation CDBO

  • California addresses robocall spoofing

    State Issues

    On October 2, the California governor signed SB 208, the “Consumer Call Protection Act of 2019,” which requires telecommunications service providers (TSPs) to implement specified technological protocols to verify and authenticate caller identification for calls carried over an internet protocol network. Specifically, the bill requires TSPs to implement Secure Telephone Identity Revisited (STIR) and Secure Handling of Asserted information using toKENs (SHAKEN) protocols or alternative technology that provides comparable or superior capability by January 1, 2021. The bill also authorizes the California Public Utilities Commission and the Attorney General to enforce certain parts of 47 U.S.C. 227, making it unlawful for any person within the U.S. to cause any caller identification service to knowingly transmit misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value.

    As previously covered by InfoBytes, in June 2019, the FCC adopted a Notice of Proposed Rulemaking (NPRM) requiring voice providers to implement the “SHAKEN/STIR” caller ID authentication framework. The FCC argued that once “SHAKEN/STIR” is implemented, it would “reduce the effectiveness of illegal spoofing and allow bad actors to be identified more easily.” 

    State Issues State Legislation State Attorney General FCC Robocalls Federal Issues Privacy/Cyber Risk & Data Security

  • Ballot initiative seeks to expand CCPA, create new enforcement agency

    Privacy, Cyber Risk & Data Security

    On September 25, Alastair Mactaggart, the Founder and Chair of the Californians for Consumer Privacy and the drafter of the initiative that ultimately resulted in the California Consumer Privacy Act (CCPA), announced a newly filed ballot measure to further expand the CCPA (currently effective on January 1, 2020), titled the “California Privacy Rights and Enforcement Act of 2020” (the Act) (an additional version of the Act is available with comments from Mactaggart’s team). The Act would result in significant amendments to the CCPA, including the following, among others:

    • Sensitive personal information. The Act sets forth additional obligations in connection with a business’s collection, use, sale, or disclosure of “sensitive personal information,” which is a new term introduced by the Act. “Sensitive personal information” includes categories such as health information; financial information (stated as, “a consumer’s account log-in, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account”); racial or ethnic origin; precise geolocation; or other data collected and analyzed for the purpose of identifying such information.
    • Disclosure of sensitive personal information. The Act expands on the CCPA’s disclosure requirements to include, among other things, a requirement for businesses to specify the categories of sensitive personal information that will be collected, disclose the specific purposes for which the categories of sensitive personal information are collected or used, and disclose whether such information is sold. In addition, the Act prohibits a business from collecting additional categories of sensitive personal information or using sensitive personal information collected for purposes that are incompatible with the disclosed purpose for which the information was collected, or other disclosed purposes reasonably related to the original purpose for which the information was collected, unless notice is provided to the consumer.
    • Contractual requirements. The Act sets forth additional contractual requirements and obligations that apply when a business sells personal information to a third party or discloses personal information to a service provider or contractor for a business purpose. Among other things, the Act obligates the third party, service provider, or contractor to provide at least the same level of privacy protection required by the Act. The contract must also require the third party, service provider, or contractor to notify the business if it makes a determination that it can no longer meet its obligation to protect the personal information as required by the Act.
    • Eligibility for financial or lending services. The Act would require a business that collects personal information to disclose whether the business is profiling consumers and using their personal information for purposes of determining eligibility for, among other things, financial or lending services, housing, and insurance, as well as “meaningful information about the logic involved in using consumers’ personal information for this purpose.” Additionally, the business appears required to state in its privacy policy notice if such profiling had, or could reasonably have been expected to have, a significant, adverse effect on the consumers with respect to financial lending and loans, insurance, or any other specific categories that are enumerated. Notably, while Mactaggart has expressed heightened concern with sensitive personal information, such as health and financial information, the Act appears to retain the CCPA’s current exemptions under the Fair Credit Reporting Act and the Gramm-Leach-Bliley Act.
    • Advertising and marketing opt-out. The Act includes a consumer’s right to opt-out, at any time, of the business’s use of their sensitive personal information for advertising and marketing or disclosure of personal information to a service provider or contractor for the same purposes. The Act requires that businesses provide notice to consumers that their sensitive personal information may be used or disclosed for advertising or marketing purposes and that the consumers have “the right to opt-out” of its use or disclosure. “Advertising and marketing” means a communication by a business or a person acting on the business’s behalf in any medium intended to induce a consumer to buy, rent, lease, join, use, subscribe to, apply for, provide, or exchange products, goods, property, information, services, or employment.
    • Affirmative consent for sale of sensitive personal information. The Act expands on the CCPA’s opt-out provisions and prohibits businesses from selling a consumer’s sensitive personal information without actual affirmative authorization.
    • Right to correct inaccurate information. The Act provides consumers with the right to require a business to correct inaccurate personal information.
    • Definition of business.  The Act revises the definition of “business” to:
      • Clarify that the time period for calculating annual gross revenues is based on the prior calendar year; 
      • Provide that an entity meets the definition of “business” if the entity, in relevant part, alone or in combination, annually buys the personal information of 100,000 or more consumers or households;
      • Include a joint venture or partnership composed of businesses in which each business has at least a 40% interest; and
      • Provide a catch-all for businesses not covered by the foregoing bullets.
    • The “California Privacy Protection Agency.” The Act creates the California Privacy Protection Agency, which would have the power, authority, and jurisdiction to implement and enforce the CCPA (powers that are currently vested in the attorney general). The Act states that the Agency would have five members, including a single Chair, and the members would be appointed by the governor, the attorney general, and the leaders of the senate and assembly.

    If passed, the Act would become operative on January 1, 2021 and would apply to personal information collected by a business on or after January 1, 2020.

    As previously covered by a Buckley Special Alert, on September 13, lawmakers in California passed numerous amendments to the CCPA, which are awaiting the signature of Governor Gavin Newsom, who has until October 13 to sign. The amendments leave the majority of the consumer’s rights intact, but certain provisions were clarified — including the definition of “personal information” — while other exemptions were clarified regarding the collection of certain data that have a bearing on financial services companies.

    Privacy/Cyber Risk & Data Security State Issues State Legislation State Attorney General CCPA

  • New York says creditors prohibited from obtaining confessions of judgments against out-of-state borrowers

    State Issues

    On August 30, the New York governor signed S 6395, which prohibits creditors from obtaining confessions of judgments through the New York court system against individuals and businesses located outside of the state in order to seize borrower assets. According to a press release issued by Governor Cuomo, prior to the enactment of S 6395, creditors were able to “freeze and seize a borrower’s assets by obtaining a judgment entered in a court far from where the contested agreement was executed, making it difficult for a borrower to legally contest the unfair penalty.” Under S 6395, an entry of judgment may only be filed in “the county where the defendant’s affidavit stated that the defendant resided when it was executed or where the defendant resided at the time of filing.” For a non-natural person, the county of residence is where it has a place of business. Notably, government agencies engaged in enforcing civil or criminal law against a person or a non-natural person are exempt from the bill’s measures and may file an affidavit in any county within the state. S 6395 is effective immediately.

    State Issues State Legislation Small Business Lending Predatory Lending Merchant Cash Advance

  • Illinois creates Blockchain Technology Act

    State Issues

    On August 23, the Illinois governor signed HB 3575 to create the Blockchain Technology Act. Under the Act, “blockchain” is defined as “an electronic record created by the use of a decentralized method by multiple parties to verify and store a digital record of transactions which is secured by the use of a cryptographic hash of previous transaction information.” Among other things, the Act specifies permitted uses of blockchain technology in transactions and proceedings, such as in smart contracts, electronic records and signatures, and provides several limitations, including a provision stipulating that if a law requires a contract or record to be in writing, the legal enforceability may be denied if the blockchain transaction cannot later be accurately reproduced for all parties. Moreover, local government units are prohibited from imposing taxes or fees for the use of blockchain technology, and cannot require a person or entity to obtain a certificate, license, or permit in order to use a blockchain or smart contract. HB 3575 takes effect January 1, 2020.

    State Issues Digital Assets State Legislation Fintech Blockchain

  • Illinois updates Consumer Installment Loan Act and Payday Loan Reform Act

    State Issues

    On August 23, the Illinois governor signed SB 1758, which amends the state’s Consumer Installment Loan Act and the Payday Loan Reform Act. Generally, payday loans must be repayable in substantially equal and consecutive installments. The amendment clarifies that a “‘substantially equal installment’ includes a last regularly scheduled payment that may be less than, but not more than 5% larger than, the previous scheduled payment according to a disclosed payment schedule agreed to by the parties.” The amendments take effect immediately.

    State Issues State Legislation Installment Loans Payday Lending
