Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities:

  • On January 31, the Consumer Financial Protection Bureau (CFPB) published its Fall 2021 Unified Agenda in the Federal Register. For more information, click here.
  • On January 27, the CFPB released its annual list of consumer reporting companies. The list identifies dozens of specialty reporting companies that collect and sell access to people’s data, including individuals’ finances, employment, check writing histories, or rental history records. For more information, click here.
  • On January 27, the Federal Trade Commission (FTC) announced that consumers in 2021 reported losing about $770 million to fraud initiated on social media — about one fourth of all reported fraud losses for the year and an 18-fold increase from 2017, according to the FTC’s latest Consumer Protection Data Spotlight. For more information, click here.
  • On January 26, the CFPB launched an “initiative,” which the regulator claims could “save households billions of dollars a year by reducing exploitative junk fees charged by banks and financial companies.” Consumers having an issue with a consumer financial product or service can submit a complaint with the CFPB online or by calling (855) 411-CFPB (2372). For more information, click here.
  • On January 26, the Securities and Exchange Commission (SEC) proposed rules to expand Regulation ATS to govern alternative trading systems involved in trading securities, which may reach cryptocurrency exchanges and decentralized finance projects. The 654-page proposal would expand the definition of an “exchange” in Exchange Act Rule 3b-16(a) to include “communication protocol systems that make available for trading any type of security.” SEC officials previously stated their beliefs that many, if not all, digital assets qualify as securities. Republican SEC Commissioner Hester Peirce, in a dissenting statement, noted that “[e]ven if you have nothing to do with government securities or even fixed-income, or with traditional securities, read this release,” as “[i]t covers a lot of ground, and you should not assume that it has nothing to do with you, because it probably does.” The proposal has not yet been published in the Federal Register, which will start the 30-day public comment period. For more information, click here.
  • On January 24, the CFPB published a notice and request for comment regarding its inquiry into buy-now-pay-later providers. For more information, click here.

State Activities:

  • On January 28, the Texas Supreme Court announced that it is accepting comments on its proposed amendments to the Texas Rules of Civil Procedure concerning notice of judgment and monetary damages, as well as service of writ of garnishment, before they take effect on May 1. The court may change the proposed amendments in response to the public comments, which are due by March 4 to rulescomments@txcourts.gov. For more information, click here.
  • On January 26, New York Attorney General Letitia James announced a major win over WinRed in a consumer protection case. WinRed is a company that “processes online donations for the Republican Party” and “sued New York, Connecticut, Maryland, and Minnesota following the states’ inquiry into WinRed’s use of pre-checked recurring donation boxes in political solicitations.” The U.S. District Court for the State of Minnesota rejected WinRed’s jurisdictional challenges, which allows New York’s (and other states’) investigations into the company to proceed. For more information, click here.
  • On January 25, the Florida Office of Financial Regulation (OFR) issued an investor advisory “to raise awareness about decentralized finance (DeFi), a relatively new blockchain-based group of financial services gaining popularity[.]” According to OFR Commissioner Russell C. Weigel, III, “DeFi-based companies offer lending, banking, and investing options that are decentralized and not dependent on traditional financial markets. This evolution of financial services is not necessarily a bad thing and may be a good thing, but before getting involved with a company or product in the DeFi market, take reasonable steps to understand the risks of this emerging blockchain-based technology and market.” The OFR states that it is “committed to allowing innovation to grow and thrive while protecting Floridians from bad actors.” For more information, click here.
  • On January 25, a Republican state senator from Arizona introduced a bill to add a definition of “legal tender” into the law of Arizona, which would include bitcoin. SB 1341, which defines bitcoin to mean “the decentralized, peer-to-peer digital currency in which a record of transactions is maintained on the bitcoin blockchain and new units of currency are generated by the computation solution of mathematical problems and that operates independently of a central bank,” can be read here.
  • On January 24, New York Attorney General Letitia James announced a $600,000 agreement with EyeMed after a 2020 data breach. According to the press release, the data breach compromised the personal information of approximately 2.1 million consumers nationwide, including 98,632 in New York. In addition to the monetary settlement, EyeMed agreed to “[p]ermanently deleting consumers’ personal information when there is no reasonable business or legal purpose to retain it” and to “[e]ncrypting sensitive consumer information that it collects, stores, transmits and/or maintains.” For more information, click here.

Privacy and Cybersecurity Activities:

  • On January 25, California Attorney General Rob Bonta issued a warning to Californians to beware of fake COVID-19 testing locations and websites. These scammers exploit vulnerable individuals by posing as legitimate companies and health care clinics offering COVID-19 testing. However, after receiving payment for a COVID-19 test, these fake testing sites often fail to provide patients with results. They also may ask for a patient’s personally identifiable information with the intent to commit fraud. Bonta provided several tips to avoid fake COVID-19 testing sites, including: (1) only get tested at verified COVID-19 testing sites or through medical groups, (2) identify and avoid “lookalike” websites that look identical to well-known trusted organizations, and (3) be cautious of unsolicited calls regarding testing sites. For the full alert, click here.
  • The FTC warned that social media platforms like Facebook and Instagram are a “gold mine” for crypto scammers. The latest consumer data report from the FTC saw a sharp spike in online fraud schemes, particularly bogus cryptocurrency ventures. Last year, consumers reported losing around $770 million to fraud that began with an ad or message on social media — up from $258 million the year before and an 18-fold increase from 2017. These scams are typically either investment schemes, which involve consumers getting tricked into sending money on promises of huge returns but ending up with nothing, or shopping scams, where individuals purchase an item but never receive it. To read the two alerts, click here and here.
  • On January 26, consumer privacy advocates sent a letter, urging lawmakers to pass a bill that would prevent law enforcement and intelligence agencies from buying Americans’ private data from telecom providers. The American Civil Liberties Union (ACLU) spearheaded the letter, which encouraged lawmakers to prioritize the “issue of government surveillance abuse.” To read the letter, click here.
  • In honor of Data Privacy Day on January 28, the New York Department of Financial Services (NYDFS) released several tips to protect one’s consumer data. These include (1) being wary of unsolicited emails and telephone calls seeking personal information; (2) securing your mobile devices, including downloading software updates; (3) carefully using Wi-Fi hotspots, including limiting use of public Wi-Fi and cautiously logging into sensitive accounts; (4) using strong passwords; (5) varying the types of security questions used on different accounts; and (6) watching out for phishing. For the full list of tips and statement, click here.
  • Nebraska State Senator Mike Flood (R-NE) proposed Legislature Bill 1188, which would enact the Uniform Law Commission’s Uniform Personal Data Protection Act (UPDPA). Nebraska is the first state to introduce the ULC’s framework, drafted with a goal toward universal adoption across states. The UPDPA calls for certain rights, including a right for users to access and correct data, opt-in requirements for individuals under the age of 13, and a prohibition on discrimination. Unlike other bills, it would not provide a private right of action or a right to deletion. To read the bill, click here.
Alan D. Wingfield

Alan Wingfield helps consumer-facing clients navigate compliance, litigation and regulatory risks posed by the complex web of state and federal consumer protection laws. He is a trusted advisor and tireless advocate, helping clients develop practical compliance and dispute-resolution strategies.

Ronald I. Raether, Jr.

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application to their business to solve their most important challenges — from implementation and strategy to litigation and incident response. Ron and his team have redefined the boundaries of typical law firm privacy and cyber services in offering a 360 degree approach to tackling information governance issues. Their holistic services include drafting and implementing bespoke privacy programs, program implementation, licensing, financing and M&A transactions, incident response, privacy and cyber litigation, regulatory investigations, and enforcement experience.

Jed Komisin

Jed defends clients engaged in civil litigation. He has significant courtroom experience and works with his clients to find comprehensive solutions to their legal issues.

Elizabeth Briones

Elizabeth is an associate in the Consumer Financial Services practice who represents businesses large and small – from corporations to local partnerships. She is an experienced litigator with a background in complex matters ranging from corporate contract disputes, premises liability, negligence, fraud, and other business torts. She has appeared in state, federal, and multidistrict litigation.

Edgar Vargas

Edgar is a Certified Information Privacy Professional (CIPP/US). He assists clients on compliance and litigation issues, including issues regarding privacy and cybersecurity laws. He is fluent in Spanish, allowing him to effectively communicate with and serve Spanish-speaking clients.

Robyn Lin

Robyn is a privacy and data security attorney who focuses on helping clients understand and maintain data compliance.

Ethan G. Ostroff

Ethan Ostroff’s practice focuses on financial services litigation and consumer law compliance counseling. Ethan is part of the firm’s national practice representing consumer-facing companies of all types in defense of individual and class action claims and counseling them on compliance with federal and state laws.