Like most industries today, consumer credit services businesses continue to be significantly impacted by COVID-19. To help keep you up to date with relevant activity, below is a breakdown of some of the biggest federal and state legislative and regulatory events impacting the consumer credit services industry during the week. last :
Privacy and cybersecurity activities
- On May 26, the Consumer Financial Protection Bureau (CFPB) confirmed that federal anti-discrimination law requires businesses to explain to applicants the specific reasons for denying a credit application or taking other adverse action, even if the creditor relies on credit models using complex algorithms. . The CFPB published a Circular on consumer financial protection to remind the public, including those responsible for enforcing the federal consumer financial protection law, of the adverse creditor action notification requirements under the Equal Opportunity credit. For more information, click here.
- On May 26, the CFPB sent a letter to the six largest credit card lenders, asking them why they choose not to include the amount their customers pay each month when providing information to credit reporting agencies. , claiming that the practice has the potential to suppress consumers. ‘ credit ratings and prevent consumers from getting the best possible terms when applying for credit. For more information, click here.
- On May 26, the CFPB published a blog post regarding credit reporting disputes and the requirements providers must meet when handling a dispute. For more information, click here.
- On May 24, the CFPB announced the opening of the Competition and Innovation Office as part of a new approach to spur innovation in financial services by promoting competition and identifying barriers for new market entrants. The bureau will replace the Innovation Bureau, which focused on an application-based process to give special regulatory treatment to individual companies. The new office will support CFPB’s broader initiative to analyze barriers to opening up markets, better understand how big players are crowding out small players, organize incubation events and generally facilitate the change of financial service provider. For more information, click here.
- On May 26, California Attorney General Rob Bonta issued a press release, outlining the obligations of health apps under California law to protect and secure reproductive health information. According to the press release, the “Medical Information Privacy Act (CMIA) applies to mobile apps designed to store medical information, including certain fertility trackers, and establishes privacy protections that go beyond beyond federal law. Attorney General Bonta urged health apps to adopt strong security and privacy measures to protect reproductive health information. For more information, click here.
- On May 23, the California Department of Financial Protection and Innovation (DFPI) sent an email advising license applicants and potential license applicants that the issuance of licenses under the Debt Collections Licensing Act is inevitably delayed at this time. The original deadline for applicants was December 31, 2021; however, in mid-December, this deadline was extended to March 15. The DFPI previously said that people who applied before March 15 would be deemed temporarily compliant with California’s licensing requirement, pending approval of the licensing application. For more information, click here.
- On May 22, Minnesota Governor Tim Walz signed into law SF 2922. SF 2922 contains a work-from-home provision, allowing collection agency staff to continue working remotely. The work from home provision will come into effect on June 1. For more information, click on here.
- On May 20, the California DFPI announced that it had filed a Notice of Proposed Rulemaking with the Office of Administrative Law, inviting the public to comment on the proposed rule. The proposed regulations are intended to implement, interpret, clarify and make specific certain sections of the California Consumer Financial Protection Act that impose obligations on covered businesses to respond to consumer complaints and report information about those complaints and responses to the DFPI. For more information, click here.
Privacy and cybersecurity activities:
- On May 27, the California Privacy Protection Agency (CPPA) released the first set of draft regulations for the California Privacy Rights Act (CPRA). These draft regulations cover many topics, including handling data subject requests, consent requirements, data processing agreements, and more. Over the next few months, these draft regulations will be subject to public comment and review. Further amendments are expected, as are other CPRA bylaws, addressing items omitted from these original bylaws (for example, technical specifications of opt-out preference signals). For more information, click here.
- On May 25, the California Senate passed SB 1172, which if enacted would change how the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) apply to surveillance services. education tests. Specifically, SB 1172 would require companies “providing surveillance services to collect, use, maintain and disclose only the personal information strictly necessary” to provide their services. Education monitoring companies that violate this requirement may be subject to a new private right of action under which consumers can recover all of the following: “(1) liquidated damages of one thousand dollars (1,000 $) per consumer per incident or actual damages, whichever is greater, (2) injunctive or declaratory relief, [and] (3) reasonable attorneys’ fees and expenses, including expert witness fees. SB 1172 will now head to the California State Assembly for further consideration. For more information, click here.