InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Twenty state Attorneys General oppose bill that would remove attorneys engaged in debt collection litigation from FDCPA purview
On April 19, a coalition of twenty state Attorneys General issued a letter to leaders of Congress expressing opposition to the Practice of Law Technical Clarification Act, HR 5082, which would amend the FDCPA to exclude law firms and attorneys engaged in debt collection-related litigation activities from the scope of the FDCPA. The House Financial Services Committee passed HR 5082 on March 21 with a vote of 35-25. In the letter, the Attorneys General state, “debt collection lawsuits comprise the majority of many state-court dockets” and note numerous actions brought by the CFPB and state Attorneys General against debt collection law firms and attorneys for illegal collection practices. The letter argues that debt collection attorneys should be held accountable when using litigation for improper purposes and that HR 5082 would preclude Attorneys General from using the FDCPA to pursue improper behavior. Additionally, the letter notes, “the FDCPA is the only consumer protection tool available to State Attorneys General in a significant number of jurisdictions where state consumer protection law does not govern the conduct of attorneys.”
New York Attorney General launches cryptocurrency integrity initiative
On April 18, the New York Attorney General’s office announced the launch of an initiative designed to protect virtual currency investors and increase transparency and accountability within the cryptocurrency industry. Attorney General Eric T. Schneiderman sent questionnaires to 13 virtual currency trading platforms, requesting information on their operations, policies, and internal controls as part of a “fact-finding inquiry.” “[T]oo often, consumers don't have the basic facts they need to assess the fairness, integrity, and security of these trading platforms,” the Attorney General stated. The Virtual Markets Integrity Initiative asks the trading platforms to disclose several categories of information, including ownership and control information, operation and fees, trading policies and procedures, internal controls, and privacy and money laundering risks and safeguards. Responses will be analyzed, compared across platforms, and presented to the public. Questionnaires are due May 1.
FTC and Florida Attorney General settle with debt relief scammers
On April 12, the FTC and the Florida Attorney General announced an $85 million settlement with three individuals who allegedly sold fake debt relief services. As previously covered by InfoBytes, in May 2017, the FTC and the Florida Attorney General filed a complaint against the individuals for allegedly violating the FTC Act, the FTC’s Telemarketing Sales Rule, and the Florida Deceptive and Unfair Trade Practices Act. According to the complaint, consumers, after collectively paying hundreds or thousands of dollars a month for promised debt-consolidation services marketed by the individuals, discovered their debts were unpaid, their accounts had defaulted, and their credit scores damaged. Under the proposed orders (here and here), all three marketers are restrained and enjoined from “advertising, marketing, promoting, offering for sale, selling” credit repair products and services, debt relief products and services, and financial products and services. The $85 million judgment is held jointly and severally against each of the individuals with a suspended judgment for two if all material assets are surrendered. The judgment for the third individual, considered the ringleader of the operation, is not suspended and the individual is still required to surrender all material assets.
Department of Education restores accreditor’s federal recognition pending review of its 2016 petition
On April 3, Department of Education (Department) Secretary, Betsey DeVos restored the Accrediting Council for Independent Colleges and Schools’ (ACICS) status as a federally recognized accrediting agency, effective as of December 12, 2016. The order follows the U.S. District Court for the District of Columbia’s March 23, 2018 remand of the former Secretary’s December 2016 decision withdrawing recognition. The order states that while federal recognition is restored, the Department will review ACICS’ January 2016 petition to determine whether continued recognition is warranted. As previously covered by InfoBytes, a coalition of state Attorneys General urged the Department to reject ACICS’ application to regain recognition, citing to what the Attorneys General called “ACICS’ systemic accreditation failures.”
State judge says Massachusetts can sue credit reporting agency over data breach
On April 2, a state court judge denied a credit reporting agency’s motion to dismiss claims for violations of state data security regulations. The court stated that while the “mere existence of data breach” does not translate into violations of the state data security regulations, the Massachusetts Attorney General plausibly suggests that the company violated such regulations by knowing of certain vulnerabilities and failing to properly address them. As previously covered by InfoBytes, Massachusetts was the first state to file an action against the credit reporting agency after its September 2017 announcement of a data breach which affected over 143 million consumers.
Pennsylvania district court denies payday lender’s transfer request to bankruptcy court
On April 3, the U.S. District Court for the Eastern District of Pennsylvania denied a motion to move an action, filed by a group of online payday lenders (defendants), from Pennsylvania to Texas. The defendants—who filed for bankruptcy in Texas last year—sought to centralize lawsuits referred to by the court as ”rent-a-bank” and “rent-a-tribe” schemes. (See previous InfoBytes coverage on the allegations here.) The defendants argued that the presumption of trying cases related to a bankruptcy proceeding in the court where the proceeding is pending, which is commonly recognized under 28 U.S.C. Section 1412, should apply. The court, however, found that Section 1412’s presumption of transfer does not apply to police and regulatory actions. In support, the district court cited to a Montana federal judge’s decision this past January, which denied a transfer request in a similar suit brought by the CFPB against one of the defendants. In the summary of its findings, the court noted “[s]imply put, Congress has favored the interest of permitting states’ regulatory and police actions to independently proceed over the interest in centering the administration of the defendant’s related bankruptcy proceedings.”
Washington expands the state’s Service Member’s Civil Relief Act
On March 22, the Washington governor signed HB 1056, which amends the Washington Service Member’s Civil Relief Act (WSCRA) to update the definition of “service member” and allow for a service member to terminate or suspend certain private contracts without penalty. Specifically, HB 1056 defines “service member” as “an active member of the United States armed forces, a member of a military reserve component, or a member of the national guard who is either stationed in or a resident of Washington state.” The law allows for a service member, after receiving orders for a permanent change of station or deployment (for at least 30 days), to terminate or suspend certain contracts for the following: telecommunication services, internet services, health studio services, and subscription television services. After proper written notice is given to the service provider for termination, suspension or reinstatement, the service member may not be charged a “penalty, fee, loss of deposit, or any other additional cost” due to the notice. Additionally, HB 1056 allows the Washington Attorney General to recover costs and fees in an action brought to enforce the WSCRA. The law becomes effective on June 7.
Alabama enacts data breach notification law
On March 28, the Alabama governor signed SB 318, The Alabama Data Breach Notification Act of 2018 (Act), which requires entities doing business in the state to (i) notify consumers within 45 days if their personal data has been compromised in a data breach; and (ii) notify the state Attorney General and consumer reporting agencies if more than 1,000 individuals have been impacted. The Act also states that third-party agents, entities that have been contracted to maintain, store, process, or otherwise access sensitive personally identifying information in connection with providing services to a covered entity, are required to notify the covered entity of a breach of security “no later than 10 days following the determination of the breach of security or reason to believe the breach occurred.” Additionally, the Act gives the state Attorney General authority to prosecute a failure to disclose a data breach as an unlawful act or practice under the Alabama Deceptive Trade Practices Act, which can result in daily penalties of up to $5,000 per violation. However, entities that follow the notice requirements of industry-specific state or federal laws or regulations are exempt from the Alabama legislation. The law is effective June 1.
Arizona creates first state regulatory sandbox for fintech innovation
On March 22, the Governor of Arizona signed HB 2434, which creates the first state “sandbox” program for companies to test innovative financial products or services without certain regulatory requirements. Arizona’s Regulatory Sandbox Program (RSP) will be administered by the state Attorney General and requires, among other things, that applicants describe the innovation desired to be tested, including an explanation of potential benefits and risks to consumers. Within 90 days, the Attorney General will notify the applicant if they are approved for the program. Details of the RSP program include a window of 24 months to test the product, requirements for seeking extensions to that time limit, a cap on the number of individuals who may participate in testing a product, and required disclosures to consumers. Participants are required to retain records and documents produced in the normal court of business for their product, and the Attorney General is allowed to seek those records and to establish regular reporting requirements. The RSP also places additional restrictions on certain participants, including consumer lenders and money transmitters, and requires compliance with Arizona consumer financial laws and all statutory limits and caps related to financial transactions.
The RSP is effective on April 26 and terminates on July 1, 2028.
Coalition of state Attorneys General urges Congress to oppose data breach bill
On March 19, the Illinois Attorney General, along with 30 other state Attorneys General and the Executive Director of the Hawaii Office of Consumer Protection, issued a letter to selected members of Congress opposing the Data Acquisition and Technology Accountability and Security Act (the DATAS Act), which would establish broad standards for data protection across industries and create federal notification requirements for covered entities after certain types of data breaches. (See previous InfoBytes coverage here.) According to the Illinois Attorney General’s letter, the DATAS Act would preempt state data breach and data security laws. The letter also stated that “States have proven themselves to be active, agile, and experienced enforcers of their consumers’ data security and privacy. With the increasing threat and ever-evolving nature of data security risks, the state consumer protection laws that our Offices enforce provide vital flexibility and a vehicle by which the States can rapidly and effectively respond to protect their consumers.” Serious potential concerns arising from the DATAS Act raised in the letter include (i) reduced transparency to consumers; (ii) delayed notification to consumers affected by data breaches; and (iii) an overly narrow focus on large-scale data breaches “affecting 5,000 or more consumers” which “prevent[s] attorneys general from learning of or addressing breaches that happen on a smaller national scale.”