Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.

To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:

Federal Activities

State Activities

Privacy and Cybersecurity Activities

Federal Activities:

  • On February 18, the Consumer Financial Protection Bureau (CFPB) released a bulletin, detailing student loan servicers’ obligation to halt unlawful conduct on borrowers’ eligibility and benefits under the Public Service Loan Forgiveness Waiver. The bulletin recommends that actions servicers should consider ensuring that they do not misrepresent borrower eligibility or make deceptive statements to borrowers about the PSLF program and the waiver. For more information, click here.
  • On February 17, the U.S. Department of Justice announced Eun Young Choi as the new director of its National Cryptocurrency Enforcement Team; a new specialized team of cryptocurrency experts within the Federal Bureau of Investigation (FBI) focused on providing analysis, support, and training across the FBI; as well as its intent to innovate its cryptocurrency tools to stay ahead of future threats. For more information, click here.
  • On February 16, the Federal Trade Commission (FTC) announced that its years-long investigation into DeVry University resulted in the U.S. Department of Education forgiving $71.7 million in federal student loans for students deceived by the for-profit university, based in part on the FTC’s prior action. For more information, click here.
  • On February 16, the CFPB announced that members of the public can submit petitions for rulemaking directly to the CFPB. The petitions will be posted on public dockets for review and comment. For more information, click here.
  • On February 16, the U.S. Department of Education announced that it will suspend the seizure of tax refunds, Social Security payments, and other government payments to collect on defaulted student loans through November. Student loan debt payments are scheduled to resume May 1. For more information, click here.
  • On February 16, the Financial Stability Board issued an updated “Assessment of Risks to Financial Stability from Crypto-assets,” concluding that crypto-asset markets are fast evolving and could reach a point where they represent a threat to global financial stability due to their scale, structural vulnerabilities, and increasing interconnectedness with the traditional financial system. For more information, click here.
  • On February 15, the CFPB announced that it is taking action to halt prepaid card providers siphoning money away from Americans through exclusive government benefit contracts. The CFPB issued a compliance bulletin, outlining the existing prohibitions against prepaid cards being the sole method for distributing government benefits. For more information, click here.
  • On February 15, Representative Warren Davidson (R-OH) announced he will introduce the “Keep Your Coins Act,” which intends “[t]o prohibit Federal agencies from restricting the use of convertible virtual currency by a person to purchase goods or services for the person’s own use, and for other purposes.” That same day, Congressman Josh Gottheimer (D-NJ) announced a discussion draft of the “Stablecoin Innovation and Protection Act, which is intended to define “qualified stablecoins” to differentiate them from “more volatile cryptocurrencies.”
  • On February 15, 18 virtual asset service providers announced the creation of the Travel Rule Universal Solution Technology (TRUST), a solution intended to address global anti-money laundering data sharing requirements recommended by the Financial Action Task Force and required by the Financial Crimes Enforcement Network.

State Activities:

  • On February 16, New York Attorney General Letitia James issued a consumer alert, warning New Yorkers of tracking threats from the use of AirTags. According to the alert, individuals “have reported finding unknown AirTags attached to their cars, and in their purses, coat pockets, and other personal property,” which are “small tracking devices intended to act as a key finder to help people locate their personal items.” Attorney General James made recommendations for how consumers can protect themselves and stated, “Tracking people without their awareness or consent is a serious felony and will not be tolerated by my office.” For more information, click here.
  • On February 14, New York Attorney General Letitia James issued a press release announcing recovery of money for consumers who paid for expedited COVID-19 tests, but who received their results later than the promised timeframe. “It’s simple, testing sites and labs must follow the law and accurately advertise when consumers can expect their results, otherwise they can expect to hear from my office,” said Attorney General James. The companies also had purportedly been advised to stop misrepresenting turnaround times for results and refund customers unfairly charged in warning letters. For more information, click here.
  • On February 14, Texas Attorney General Ken Paxton sued Facebook (now known as Meta) for allegedly “capturing and using the biometric data of millions of Texans without properly obtaining their informed consent to do so, in violation of Texas law.” According to a press release announcing the suit, “Facebook has been storing millions of biometric identifiers (defined by statute as “a retina or iris scan, fingerprint, voiceprint, or record of hand or face geometry) contained in photos and videos uploaded by friends and family who used the social media app,” which allegedly violates “Texas’ Capture or Use of Biometric Identifier Act and the Deceptive Trade Practices Act.” For more information, click here.

Privacy and Cybersecurity Activities:

  • On February 16, the White House Office of Science and Technology released 130 comments received in response to its request for information (RFI) on “public and private sector uses of biometric technologies.” The RFI comment period began on October 8, 2021 and ended on January 15, 2022. The RFI’s stated purpose was to “understand the extent and variety of biometric technologies in past, current, or planned use; the domains in which these technologies are being used; the entities making use of them; current principles, practices, or policies governing their use; and the stakeholders that are, or may be, impacted by their use or regulation.” Numerous comments referenced the COVID-19 pandemic, with many focusing on the ways in which the pandemic has accelerated the adoption of biometric technologies/collection. For more information, click here.
  • On February 16, the U.S. Committee on House Administration held the first privacy-focused hearing of the new year titled, “Big Data: Privacy Risks and Needed Reforms in the Public and Private Sectors.” The Committee on House Administration has not previously focused on data privacy; however, the committee’s chair, Representative Zoe Lofgren (D-CA), co-sponsored both the 2019 and 2021 versions of the Online Privacy Act. Last week’s hearing featured testimony by experts from nonprofits, academia, and private industry, while broadly focusing on the need for/potential requirements of federal privacy legislation. While this hearing did not focus on the narrow topic of COVID-19-related privacy issues, the limitations on tracing cases imposed by the EU’s General Data Protection Regulation (GDPR) was discussed in the written testimony. For more information, click here.
Photo of Ethan G. Ostroff Ethan G. Ostroff

Ethan Ostroff’s practice focuses on financial services litigation and consumer law compliance counseling. Ethan is part of the firm’s national practice representing consumer-facing companies of all types in defense of individual and class action claims and counseling them on compliance with federal and

Ethan Ostroff’s practice focuses on financial services litigation and consumer law compliance counseling. Ethan is part of the firm’s national practice representing consumer-facing companies of all types in defense of individual and class action claims and counseling them on compliance with federal and state laws.

Photo of Robyn Lin Robyn Lin

Robyn is a privacy and data security attorney who focuses on helping clients understand and maintain data compliance.

Photo of Elizabeth Briones Elizabeth Briones

Elizabeth is an associate in the Consumer Financial Services practice who represents businesses large and small – from corporations to local partnerships. She is an experienced litigator with a background in complex matters ranging from corporate contract disputes, premises liability, negligence, fraud, and…

Elizabeth is an associate in the Consumer Financial Services practice who represents businesses large and small – from corporations to local partnerships. She is an experienced litigator with a background in complex matters ranging from corporate contract disputes, premises liability, negligence, fraud, and other business torts. She has appeared in state, federal, and multidistrict litigation.

Photo of Ronald I. Raether, Jr. Ronald I. Raether, Jr.

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application

Ron leads the firm’s Privacy + Cyber team. Drawing from nearly 30 years of experience, he provides comprehensive services to companies in all aspects of privacy, security, data use, and risk mitigation. Clients rely on his in-depth understanding of technology and its application to their business to solve their most important challenges — from implementation and strategy to litigation and incident response. Ron and his team have redefined the boundaries of typical law firm privacy and cyber services in offering a 360 degree approach to tackling information governance issues. Their holistic services include drafting and implementing bespoke privacy programs, program implementation, licensing, financing and M&A transactions, incident response, privacy and cyber litigation, regulatory investigations, and enforcement experience.

Photo of Jed Komisin Jed Komisin

Jed defends clients engaged in civil litigation. He has significant courtroom experience and works with his clients to find comprehensive solutions to their legal issues.

Photo of Edgar Vargas Edgar Vargas

Edgar is a Certified Information Privacy Professional (CIPP/US). He assists clients on compliance and litigation issues, including issues regarding privacy and cybersecurity laws. He is fluent in Spanish, allowing him to effectively communicate with and serve Spanish speaking clients.

Photo of Alan D. Wingfield Alan D. Wingfield

Alan Wingfield helps consumer-facing clients navigate compliance, litigation and regulatory risks posed by the complex web of state and federal consumer protection laws. He is a trusted advisor and tireless advocate, helping clients develop practical compliance and dispute-resolution strategies.