InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Superior Court rules phone calls, email are not alternatives to an ADA-compliant website
On May 21, a California Superior Court granted summary judgment to a visually-impaired plaintiff, ruling that “auxiliary aids” in the form of phone calls or email replies do not meet the Americans with Disabilities Act’s (ADA) burden of providing “full and equal enjoyment of…any place of public accommodation.” According to the order, the defendants, who operate a restaurant and website, argued in part that the plaintiff could have called or emailed the restaurant to obtain information from the website. However, the judge ruled that “email and telephone options do not provide effective communication ‘in a timely manner’ nor do they protect the independence of the visually impaired” because they force a wait for a call back or reply email. As to whether the defendants’ website qualified as a “place of public accommodation within the meaning of the ADA,” the judge ruled that—while courts are split about whether “public accommodations” are limited to physical spaces—the defendants’ restaurant website fell within the category of a public accommodation under a “plain reading” of the statute, and the DOJ’s interpretation of websites under Title III of the ADA. In addition to awarding $4,000 in statutory damages, the court issued an injunction to the defendants, ordering them to comply with Web Content Accessibility Guidelines 2.0 AA to ensure their website is ADA compliant.
Louisiana governor signs amendments relating to consumer loan licensing
On May 15, the Louisiana governor signed SB171, which amends a state statute that prescribes when a person acquiring or controlling ownership interest in a consumer loan licensee must obtain approval from the state’s commissioner. Under SB171, written approval by the commissioner must now be received for any person acquiring or controlling “[25] percent or more of the ownership interest in a licensee”—an amount previously set at 50 percent or more. The amendments also strike the requirement that “[a]ny person who acquires or anticipates acquiring a [75] percent interest in a licensee shall file for a new license prior to acquiring ownership of said interest either incrementally over a period of time or as one transaction.” The amendments became effective upon signature by the governor.
New Jersey Attorney General seeks to partner with Department of Education on for-profit investigations
On May 17, the New Jersey Attorney General, Gurbir Grewal, sent a letter to the Secretary of Education, Betsy Devos, regarding concerns that the Department of Education (Department) is no longer investigating fraudulent activities at for-profit colleges. Grubir cited work that State Attorneys General did with the Department during the previous administration regarding these investigations and noted that the cooperation between his office and the Department has “ground to a halt.” The letter concludes with Grubir requesting the Department continue several investigations that are in progress and offers to assist in sharing information and supplementing resources or, if the Department chooses not to pursue the investigations, to allow the New Jersey Attorney General to “pick up where [the Department] leave[s] off.”
District of Columbia mayor passes bill to make code consistent with FTC, federal court interpretations of unfair or deceptive trade practices
On May 21, District of Columbia Mayor Muriel Bowser signed B22-0185/D.C. Act 22-367 to, among other things, update portions of the District of Columbia’s Official Code concerning the term “unfair or deceptive trade practice” to make it consistent with interpretations made by the FTC and federal courts. Language under the Consumer Protection Clarification and Enhancement Amendment Act of 2018, has been amended to read as follows: “It shall be a violation of this chapter for any person to engage in an unfair or deceptive trade practice, whether or not any consumer is in fact misled, deceived, or damaged thereby.” The amendments also increase the civil penalty for first violations of the act to not more than $5,000 per violation, and to not more than $10,000 for repeat violations. The act will take effect following a 30-day congressional review period.
Louisiana governor amends data breach notification law; passes security freeze legislation
On May 20, the Louisiana governor signed SB361 to amend the state’s existing data breach notification law. The amendments require entities conducting business in the state or that own or license computerized data to (i) “implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure,” and (ii) take “all reasonable steps” to destroy documents containing personal information once they no longer need to be retained. Key amendment highlights are as follows:
- revises definitions, which include (i) defining “breach of the security of the system” to now apply to “the compromise… of computerized data that results in, or there is a reasonable likelihood to result in. . .” unauthorized acquisition and access; and (ii) revising the definition of “personal information” to include residents of the state, and include passport numbers and biometric data;
- requires entities to notify affected individuals within 60 days of the discovery of a data breach—pending the needs of law enforcement—and further stipulates that if a determination is made to delay notification, the Attorney General must be notified in writing within the 60-day period to receive an extension of time;
- provides that substitute notification—consisting of email notification, a notice posted to the entity’s website, and notifications to major statewide media—may be provided should the entity demonstrate that (i) the cost of the notification would exceed $100,000; (ii) the affected class of persons exceeds 100,000; or (iii) the entities lack sufficient contact information; and
- states that violations of the Database Security Breach Notification Law constitute an unfair act or practice.
The amendments take effect August 1.
Separately, on May 15, the governor signed SB127, which prohibits credit reporting agencies from charging a fee for placing, reinstating, temporarily lifting, or revoking a security freeze. The bill became effective upon signature by the governor.
Colorado Court of Appeals holds attorney fees award is a non-dischargeable civil penalty
On May 17, the Colorado Court of Appeals held that an attorney fees award imposed under the Colorado Consumer Protection Act (CCPA) is a civil penalty and is not dischargeable under the Bankruptcy Code. According to the opinion, the State of Colorado sued a law firm, its owners, and affiliated companies for allegedly violating the CCPA and the Colorado Federal Debt Collection Practices Act (CFDCPA) by fraudulently billing mortgage servicers for full costs associated with title insurance premium charges even though not all the costs were incurred. The district court agreed with the State and awarded attorney fees and costs for the violations. In the appeal, one of the defendants argued, among other things, that the district court was precluded from awarding attorney fees because his debts had previously been discharged in bankruptcy. In affirming the district court’s decision, the appeals court concluded that attorney fees awards made under the CCPA and the CFDCPA are not dischargeable because the award “made under the CCPA’s mandatory provision was sufficiently penal to constitute a ‘fine, penalty or forfeiture’ under § 523(a)(7) [of the Bankruptcy Code] and was not dischargeable.”
Vermont legislation regulates data brokers and provides consumer protections
On May 22, a Vermont bill, established to regulate data brokers and provide consumers with protections against companies that collect, analyze, and sell their personal information, was enacted without the governor’s signature. Among other things, H.764: (i) requires data brokers to pay a $100 fee to register annually with the Vermont Secretary of State and publicly disclose information about data collection practices and opt-out policies; (ii) requires companies to implement measures to ensure they have “adequate security standards” to safeguard against data breaches; (iii) prohibits the “acquisition of personal information with the intent to commit wrongful acts”; and (iv) prohibits credit reporting agencies from charging consumers fees for the placement, removal, or temporary lift of a security freeze. The credit freeze provisions became effective upon passage. The data broker provisions take effect January 1, 2019.
Minnesota prohibits security freezes fees, authorizes security freezes for protected persons
On May 19, the Minnesota governor signed HF1243, which, effective immediately, prohibits credit reporting agencies for charging a fee for the placement, removal, or temporary lift of a security freeze. The law previously allowed for a fee of $5.00. Additionally, effective January 1, 2019, the law authorizes the placement of a security freeze for a protected person – defined by the law as an individual under the age of 16 – if a consumer reporting agency receives a request by the protected person’s representative and certain authentication standards are met. The law also outlines the requirements for removing a security freeze for a protected person.
Maryland and Georgia prohibit security freeze fees
On May 15, the Maryland governor signed SB 202, which prohibits consumer reporting agencies from charging consumers, or protected consumers’ representatives, a fee for the placement, removal, or temporary lift of a security freeze. Previously, Maryland allowed for a fee, in most circumstances, of up to $5.00 for each placement, temporary lift, or removal. The law takes effect October 1.
On May 3, the Georgia governor signed SB 376, which amends Georgia law to prohibit consumer reporting agencies from charging a fee for placing or removing a security freeze on a consumer’s account. Previously, Georgia law allowed for a fee of no more than $3.00 for each security freeze placement, removal, or temporary lift, unless the consumer was a victim of identity theft or over 65 years old. Under SB 376, consumer reporting agencies may not charge a fee to any consumer at any time for the placement or removal of a security freeze. This law takes effect July 1.
Maryland governor signs provisions amending Maryland Consumer Loan Law’s small lending requirements
On May 15, the Maryland governor signed legislation to establish requirements for lenders making covered loans in the state. Among other things, HB1297 increases the threshold for which a loan is subject to small lending requirements within the Maryland Consumer Loan Law (MCLL) from $6,000 to $25,000. The law also prohibits (i) lenders who are not licensed in the state from making loans of $25,000 or less, unless the person is exempt from requirements under MCLL; (ii) a person contracting “for a covered loan that has a rate of interest, charge, discount, or other consideration greater than the amount authorized under state law”; and (iii) covered loans that would be a violation of the Military Lending Act. Loans that violate these provisions are deemed void and unenforceable except in limited circumstances. The law takes effect January 1, 2019.