InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
DOJ, FTC, Wisconsin AG sue timeshare scammers
On November 22, the DOJ, FTC, and the Wisconsin attorney general announced a civil enforcement action against 16 defendants for allegedly using deceptive sales practices to sell timeshare “exit services” to consumers, mostly involving senior citizens. The complaint, which was filed in the U.S. District Court for the Eastern District of Missouri, alleged that the defendants failed to assist consumers in exiting their timeshare contracts while collecting large fees for the incomplete service. The complaint also alleged that the defendants deceived consumers into registering for timeshare exit services by, among other things, falsely claiming that consumers could not exit timeshare contracts on their own, and that the defendants were affiliated with legitimate companies. The complaint further alleged that the defendants failed to notify consumers of their rights under federal and state law to cancel their contracts with defendants within three business days. The complaint noted that the defendants allegedly deceived consumers into paying over $90 million to the defendant companies for services that were not delivered. The complaint also stated that the defendants’ actions violated the FTC Act, the FTC’s rule concerning the cooling-off period for sales made at home or other locations, and certain Wisconsin state laws concerning fraudulent misrepresentations and direct marketing. The complaint seeks monetary relief, civil penalties, and injunctive relief. According to the DOJ, the defendants’ timeshare exit services are also the subject of lawsuits filed by the Alaska and Missouri attorneys general in June 2022.
Wisconsin assembly passes comprehensive data privacy bill
On February 23, the Wisconsin assembly passed AB 957, which establishes requirements for controllers and processors of consumer personal data. An assembly amendment to the bill making various changes was adopted the same day. Highlights of the bill include:
- Applicability. The bill will apply to controllers (defined “as a person that, alone or jointly with others, determines the purpose and means of processing personal data”) that “control or process the personal data of at least 100,000 consumers or that control or process the personal data of at least 25,000 consumers and derive over 50 percent of their gross revenue from the sale of personal data.” Personal data is defined as any information linked or reasonably linkable to an individual minus publicly available information. Certain entities are exempt from the bill’s requirements, including “governmental bodies, financial institutions subject to federal privacy disclosure requirements [including affiliates of financial institutions], certain entities subject to federal health privacy laws, nonprofits, and institutions of higher education.” Data collected, processed, and maintained in compliance with the Children’s Online Privacy Protection Act is also exempt.
- Consumer rights. Under the bill consumers will be able to, among other things, (i) confirm whether their personal data is being processed and access their data; (ii) make corrections; (iii) request deletion of their data; (iv) obtain a copy of their previously provided data; and (v) opt out of the processing of their data for targeted advertising, the sale of their data, and certain forms of automated processing of their data. Controllers will be prohibited from taking discriminatory actions against consumers who exercise certain rights.
- Controllers’ responsibilities. Data controllers under the bill will be responsible for responding to consumers’ requests without undue delay, including if a controller declines to take action regarding a consumer’s request. Responses to consumers’ requests must be provided free of charge once annually per consumer, and controllers will be required to establish an appeals process for denied requests, wherein “[w]ithin 60 days of receiving an appeal, a controller must inform the consumer in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for its decisions. If the appeal is denied, the controller must provide the consumer with a method through which the consumer can contact the attorney general to submit a complaint.” The bill will also require controllers to disclose certain information regarding data collection and sharing practices to consumers, as well as how consumers may exercise their rights under the bill. Controllers will also be prohibited from collecting or processing personal data for purposes not relevant to or reasonably necessary for the purposes disclosed in the privacy notice.
- Data processing contracts. The bill requires controllers to enter into data processing contracts with data processors and “requires controllers to conduct data protection assessments related to certain activities, including processing personal data for targeted advertising, selling personal data, processing personal data for profiling purposes, and processing sensitive data, as defined in the bill.” The state attorney general may also request controllers to disclose any data protection assessments relevant to an investigation.
- Private right of action and state attorney general enforcement. The bill explicitly prohibits a private right of action. Instead, it grants the state attorney general exclusive authority to enforce the law and seek forfeiture of up to $7,500 per violation. The attorney general may also recover reasonable investigation and litigation expenses. The bill further “prohibits cities, villages, towns, and counties from enacting or enforcing ordinances that regulate the collection, processing, or sale of personal data.”
- Right to cure. Upon discovering a potential violation of the bill, the attorney general must give the controller or processor written notice. The controller or processor then has 30 days to cure the alleged violation before the attorney general can file suit.
If enacted in its current form, the bill would take effect January 1, 2024. The bill still needs to be approved by the state senate and any differences reconciled before the measure can be sent to the governor.
Wisconsin Supreme Court strikes down state’s stay-at-home order
On May 13, the Wisconsin Supreme Court ruled that the state’s stay at home order was invalid and unenforceable. In a 4-3 decision, the court held that the state’s health services secretary exceeded her authority when issuing the order because she did not follow guidelines in place for emergency rule procedures when issuing the rule. The court further concluded that, even if emergency rulemaking were not required, the order’s requirements for all people to stay in their homes and the closure of businesses exceeded the secretary’s statutory authority. The ruling took immediate effect, lifting the state’s stay-at-home order.
Wisconsin regulator bars penalties for late/missed rent payments
On April 29, the Wisconsin Department of Agriculture, Trade, and Consumer Protection adopted an emergency rule that prohibits landlords from assessing late fees or other penalties for missed or late rent payments during Covid-19 public health emergency. The rule is in effect until 90 days after the public health emergency ends.
Wisconsin Department of Financial Services discourages unlicensed adjustment service companies
On April 29, the Wisconsin Department of Financial Institutions issued guidance on adjustment service companies and encouraged Wisconsin residents exercise caution before hiring companies to assist them with debt management. In particular the guidance discourages doing business with unlicensed companies and links to a list of licensed adjustment service companies.
Wisconsin extends stay at home order
On April 16, the Wisconsin Department of Health Services extended its order closing all non-essential businesses and ordering residents to stay at home until May 26, 2020. Banks, credit unions, and other depository or lending institutions; licensed financial service providers; insurance services; broker dealers; and investment advisors are not required are considered essential and not required to close.
Wisconsin DFI issues emergency guidance on debt collection
On April 13, the Wisconsin Department of Financial Institutions issued guidance on debt collection practices that are prohibited during the Covid-19 crisis. Among them are repeated telephone calls and unsolicited threats to sue. The guidance warns that debt collectors that fail to respect hardships arising from the Covid-19 pandemic “should expect to be judged harshly.”
Wisconsin DFI’s Office of Credit Unions issues resource guide
On April 9, the Wisconsin DFI’s Office of Credit Unions issued a resource guide to answer questions and enable credit unions to continue to conduct business during the Covid-19 pandemic. Topics addressed include the holding of annual meetings, Bank Secrecy Act compliance, board meetings, call report deadlines, and examination protocols, among others.
Wisconsin Department of Financial Institutions issues guidance for conducting annual meetings
On April 3, the Wisconsin Department of Financial Institutions issued emergency guidance for annual meetings of members and shareholders as a result of Covid-19 emergency measures. The guidance provides that all annual meetings may be conducted virtually, provided the meeting adheres to standard record-keeping obligations.
Wisconsin Department of Financial Institutions announces remote notarization
The Wisconsin Department of Financial Institutions announced remote notarization as a result of Covid-19 emergency measures. DFI has currently approved five remote notarization providers: Notarize.com, NotaryCam, Pavaso, DocVerify, and Nexsys. Additional approvals will be forthcoming.
Pages
Upcoming Events
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit