Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On November 22, the New York Senate’s Committee on Consumer Protection and Committee on Internet and Technology held a joint hearing titled, “Consumer Data and Privacy on Online Platforms,” which discussed the proposed New York Privacy Act, SB S5642 (the Act). The Act was introduced in May and seeks to regulate the storage, use, disclosure, and sale of consumer personal data by entities that conduct business in New York State or produce products or services that are intentionally targeted to residents of New York State. The Act contains different provisions than the California Consumer Privacy Act (CCPA), which is set to take effect on January 1, 2020 (visit here for InfoBytes coverage on the CCPA). Highlights of the Act include:
- Fiduciary Duty. Most notably, the Act requires that legal entities “shall act in the best interests of the consumer, without regard to the interests of the entity, controller or data broker, in a manner expected by a reasonable consumer under the circumstances.” Specifically, the Act states that personal data of consumers “shall not be used, processed or transferred to a third party, unless the consumer provides express and documented consent.” The Act imposes a duty of care on every legal entity, or affiliate of a legal entity, with respect to securing consumer personal data against privacy risk and requires prompt disclosure of any unauthorized access. Moreover, the Act requires that legal entities enter into a contract with third parties imposing the same duty of care for consumer personal data prior disclosing, selling, or sharing the data with that party.
- Consumer Rights. The Act requires covered entities to provide consumers notice of their rights under the Act and provide consumers with the opportunity to opt-in or opt-out of the “processing of their personal data” using a method where the consumer must clearly select and indicate their consent or denial. Upon request, and without undue delay, covered entities are required to correct inaccurate personal data or delete personal data.
- Transparency. The Act requires covered entities to make a “clear, meaningful privacy notice” that is “in a form that is reasonably accessible to consumers,” which should include: the categories of personal data to be collected; the purpose for which the data is used and disclosed to third parties; the rights of the consumer under the Act; the categories of data shared with third parties; and the names of third parties with whom the entity shares data. If the entity sells personal data or processes data for direct marketing purposes, it must disclose the processing, as well as the manner in which a consumer may object to the processing.
- Enforcement. The Act defines violations as an unfair or deceptive act in trade or commerce, as well as, an unfair method of competition. The Act allows for the attorney general to bring an action for violations and also prescribes a private right of action on any harmed individual. Covered entities are subject to injunction and liable for damages and civil penalties.
According to reports, state lawmakers at the November hearing indicated that federal requirements would be “the best scenario,” but in the absence of Congressional movement in the area, one state senator noted that the state legislators must “assure [their] constituents that [the state legislature is] doing everything possible to protect their privacy.” Witnesses expressed concern that the Act would be placing too many new requirements on businesses that differ from what other states have already enacted, and encouraged more consistent baseline standards for compliance instead of a patchwork approach. Some witnesses expressed specific concern with the opt-in requirement for the collection and use of consumer data, noting that waiting on consumers to opt-in, as opposed to just opting-out, makes compliance difficult to administer. Lastly, many witnesses were displeased about the broad private right of action in the Act, but consumer groups praised the provision, noting that the state attorney general does not have the resources to regulate and enforce against all the data collection and sharing in the state.
On November 19, the New York attorney general’s office announced the launch of a Civil Rights Bureau investigation into allegations that Long Island real estate agents have engaged in discriminatory practices. The announcement follows a newspaper’s recent publication of findings based on a three-year examination of residential brokering firms, where, according to the report, several agents allegedly (i) “steered undercover testers to neighborhoods whose composition matched their own race or ethnicity”; (ii) directed white testers to neighborhoods with the highest white representations, whereas minority testers were sent to more integrated areas; and (iii) subjected minority testers to financial bars that were not imposed on white testers, such as requiring mortgage preapproval in order to view properties. The AGs office encourages Long Island residents to report any instances of housing discrimination.
AG coalition calls on Department of Education to discharge loans for students who attended closed for-profit school
On November 13, a coalition of 22 state attorneys general led by the Massachusetts attorney general sent a letter to the Department of Education’s Federal Student Aid Chief Operating Officer to determine whether the Department has complied with federal regulations that allow student borrowers to qualify for automatic discharge relief if they attended a school within 120 days of its closure date and have not continued their education elsewhere. The letter referred to an estimate provided by the Department in May, which stated that approximately 52,000 former students of a now-closed for-profit college qualified for automatic closed-school discharge relief. The letter notes, however, that recent information obtained from Congress indicates that only 7,000 student borrowers have been granted automatic discharges. Among other things, the AGs ask the Department to clarify whether all eligible students are now receiving automatic discharges, and request that the 120-day window be expanded “due to the deeply compromised nature of the school and its offerings in the months before its national collapse.” In addition, the letter requests details about the number of students with discharged loans and the methodology the Department is using to implement the automatic closed-school discharge.
On November 13, the Washington attorney general announced an office supply company has agreed to pay $900,000 to resolve an investigation into deceptive computer repair services. According to the AG’s office, the company allegedly used a software program, called “PC Health Check” or similar names, to facilitate the sale of diagnostic and repair services to retail customers that cost up to $200, regardless of whether their computer was actually infected with viruses or malware. The company claimed that the program, which allegedly detected malware symptoms on consumers’ computers, actually based the results on answers to four questions consumers were asked by a company employee at the beginning of the service, including whether the computer had slowed down, had issues with frequent pop-up ads, received virus warnings, or crashed often. After the questions were asked, the responses were entered into the program and a simple scan of the computer was run. The AG’s office claims that the scan had no connection to the malware symptoms results because an affirmative answer by the consumer to any of the four questions always led to the report of actual or potential malware symptoms. The release also states that in 2012, a company employee informed management that “the software reported malware symptoms on a computer that ‘didn’t have anything wrong with it,’” but that the company continued to sell the repair services until 2016 to an estimated 14,000 Washington consumers. According to the AG’s release, Washington is the only state to reach an agreement with the company over the alleged practices in addition to the $35 million national settlement the company and its software vendor reached with the FTC in March for similar conduct. (Previous InfoBytes coverage here.)
On November 11, the Massachusetts attorney general announced a $4 million settlement with a Virginia-based debt collection company to resolve allegations that it engaged in deceptive and unfair debt collection practices. The AG’s release stated that an assurance of discontinuance filed in the Suffolk Superior Court alleges that the company “aggressively” collected on purchased defaulted loans, credit card accounts, car loans, and other consumer debts by using a network of in-house collectors who contacted consumers through multiple letters and phone calls, and used law firms to take consumers to court. An investigation revealed that the company “routinely pursued consumers with only exempt sources of income such as social security, social security disability, and supplemental security income,” and that consumers who informed the company of their reliance on such income “were pressured by the company to pay money they should have been entitled to keep.” Among other things, the AG’s office claimed that the company also (i) collected on debts it could not substantiate; (ii) failed to verify whether the consumer information it reported to credit reporting agencies was accurate; (iii) ignored the statute of limitations when collecting debt; and (iv) failed to notify consumers of their rights to request proof of a debt and to provide proof of a debt upon request. In addition to the $4 million payment, the company has agreed to stop collecting from consumers using only exempt income, will obtain documentation that debts are valid before collecting, will inform consumers when debt is beyond the statute of limitations, and will refrain from calling consumers more than twice in a seven-day period. The company also agreed to stop reporting debts it cannot substantiate to credit reporting agencies and to investigate consumer credit report accuracy disputes.
On November 6, the CFPB filed an amicus brief with the Court of Appeals of Maryland in a case challenging a private class action settlement against a structured settlement company, which purports to “release the Bureau’s claims in a pending federal action, to enjoin class members from receiving benefits from the Bureau’s lawsuit, and to assign any benefits the Bureau might obtain for class members to the class-action defendants.” As previously covered by InfoBytes, in 2017, the U.S. District Court for the District of Maryland allowed a UDAAP claim brought by the CFPB to move forward against the same structured settlement company, where the Bureau alleged the company employed abusive practices when purchasing structured settlements from consumers in exchange for lump-sum payments. A similar action was also brought by the Maryland attorney general against the company. In addition to the state and federal enforcement actions, the plaintiffs filed a private class action against the company, and a trial court approved a settlement. The Court of Special Appeals reversed the lower court’s approval of the settlement, concluding that it “interferes with the [state’s] and Bureau’s enforcement authority.” The company appealed.
In its brief to the Maryland Court of Appeals, the Bureau argues that the Court of Special Appeals decision should be affirmed because the settlement provisions “threaten to interfere with the Bureau’s authority under the [Consumer Financial Protection Act] in two significant ways.” Specifically, the Bureau argues that the settlement (i) could interfere with the Bureau’s statutory mandate to remediate consumers harmed through the Civil Penalty Fund; and (ii) would interfere with the Bureau’s authority to use restitution to remediate consumer harm. The Bureau states that “the risk of windfalls to such wrongdoers could force the Bureau to decline to award Fund payments to victims,” and would “threaten to offend basic principles of equity.”
On October 31, the Michigan attorney general announced it filed a lawsuit against an online lender alleging the lender violated the CFPA and Michigan law by allegedly offering usurious loans in an “unfair, deceptive, and abusive manner” with interest rates between 388 percent and 1,505 percent. The complaint alleges that the online lender is using its affiliation with a federally recognized Indian tribe located in California to circumvent Michigan’s interest rate cap, but, “is not an arm of the tribe and therefore is not entitled to assert tribal sovereign immunity from suit.” Moreover, the complaint argues that because the lender offers loans to Michigan residents, it is operating outside of tribal boundaries and, therefore, is subject to any and all applicable state and federal laws. In addition to usurious interest rates, the complaint alleges the lender misrepresented contract terms, including various rates and fees, and refused to let consumers pay off loans early. The attorney general is seeking declaratory and injunctive relief to prevent the lender from “providing usurious loans in Michigan in the future.” Notably, this is Michigan’s first-ever lawsuit alleging violations of the CFPA.
On October 30, the CFPB, along with the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney (together, the “states”), announced an action against a student loan debt relief operation for allegedly deceiving thousands of student-loan borrowers and charging more than $71 million in unlawful advance fees. In the complaint filed October 21 and unsealed on October 29 in the U.S. District Court for the Central District of California, the Bureau and the states alleged that since at least 2015 the defendants have violated the Consumer Financial Protection Act, the Telemarketing Sales Rule, and various state laws by charging and collecting improper advance fees from student loan borrowers prior to providing assistance and receiving payments on the adjusted loans. In addition, the Bureau and the states claim the defendants engaged in deceptive practices by misrepresenting (i) the purpose and application of fees they charged; (ii) their ability to obtain loan forgiveness; and (iii) their ability to actually lower borrowers’ monthly payments. The defendants also allegedly failed to inform borrowers that they automatically requested that the loans be placed in forbearance and submitted false information to student loan servicers to qualify borrowers for lower payments. The complaint seeks injunctive relief, as well as damages, restitution, disgorgement, and civil money penalties.
On November 15, the court entered a preliminary injunction enjoining the alleged violations of law in the complaint, contining the asset freeze, and appointing a receiver against the defendants.
On October 16, eight members of the Senate Banking Committee submitted a comment letter in response to the CFPB’s Advance Notice of Proposed Rulemaking (ANPR) issued last May seeking information on the costs and benefits of reporting certain data points under HMDA. (Previous InfoBytes coverage here.) In the comment letter, committee members urged the Bureau to continue collecting all HMDA data points added in the Bureau’s 2015 final rule rather than considering limitations on the information that must be collected. The committee members asserted that they are “deeply troubled” by the CFPB’s announcement that it would “reopen the 2015 HMDA rule before the new data points had even been collected,” and urged the Bureau to “follow the intent of Congress and maintain collection of all data points added by the 2015 final rule,” stressing the data’s importance when monitoring market trends, credit access, and mortgage lending discrimination.
As previously covered by InfoBytes, on October 15, a coalition of state attorneys general also submitted a comment letter asserting, among other things, that the ANPR will open the door for financial institutions to engage in discriminatory lending.
On October 22, the Massachusetts attorney general filed an action in the U.S. District Court for the District of Massachusetts challenging the U.S. Department of Education’s (DOE) continued collection of federal student loan debt incurred by over 7,000 individuals to attend a now closed for-profit college. The complaint alleges that, in 2015, the attorney general submitted an application to the DOE on behalf of the individuals who attended the for-profit school to have their federal loans forgiven due to the institution’s allegedly fraudulent conduct. The attorney general asserts that its application for loan discharge was supported by evidence of the institution’s various wrongful conduct towards Massachusetts students, and its submission established a defense to the enforceability of the underlying federal student loan debt. However, the complaint asserts that the DOE did not grant the requested loan relief and instead has continued collection efforts on debts subject to discharge under the attorney general’s application. The attorney general is seeking an order to set aside the DOE’s decision to continue collection efforts as “arbitrary and capricious” in violation of the Administrative Procedure Act and to declare that Massachusetts borrowers have established a defense to repayment of their federal student loans.
- Daniel P. Stipano to discuss “Beneficial Ownership: You have questions – We have quick answers” at the ABA/ABA Financial Crimes Enforcement Conference
- Moorari K. Shah to discuss "Legal & regulatory issues – Next wave of regulatory policy" at the Marketplace Lending & Alternative Financing Summit
- Daniel P. Stipano to discuss "Risk management in enforcement actions: Managing risk or micromanaging it" at an American Bar Association webinar
- Kari K. Hall and Christopher M. Walczyszyn to speak on the "Understanding updates to Regulation CC to ensure effective check processing" at a National Association of Federal Credit Unions webinar
- Daniel P. Stipano to discuss "ACAMS Moneylaundering.com Year-End Compliance Review and 2020 Outlook" at an ACAMS webinar
- APPROVED Webcast: Periodic reporting made easier
- Daniel P. Stipano to discuss "A 20/20 view on 2020’s legislative and regulatory outlook" at the ACAMS Anti-Financial Crime and Public Policy Conference