In this podcast, Ballard Spahr consumer financial services partner Chris Willis talks with Scott Ferris, CEO of Attunely, a provider of machine learning (ML) and artificial intelligence (AI) technology to the debt collection industry.  The podcast addresses how changes in consumer behavior have impacted collections, technology’s role in collections,  how ML/AI can improve profitability, and impediments to adopting ML/AI.  Phil Yannella, Leader of Ballard’s Privacy & Data Security Group, also discusses how the GDPR, CCPA and…

Following on the heels of a few relatively small HIPAA settlements, the U.S. Department of Health and Human Services Office of Civil Rights (OCR) announced that it has imposed $2,154,000 in civil monetary penalties against Jackson Health System in Florida for its failure to meet HIPAA privacy and security requirements.  The OCR announcement and accompanying information detail violations that included: The unauthorized access by an employee to the records of more than 24,000 patients over…

For businesses, one of the more worrisome scenarios under the CCPA occurs when they mistakenly provide personal information of a consumer to the wrong party in response to a consumer request, whether because of fraud or simple mistake. Because the definition of data breach under the CCPA is very broad, the unauthorized sharing of personal information with the wrong party could theoretically give rise to a civil cause of action with statutory penalties of $100-$750,…

To the surprise of some, the proposed CCPA Regulations issued last Thursday don’t address many of the well-discussed ambiguities under the law (such as what “valuable consideration” means in the context of a sale of personal information). Rather, the proposed Regulations address a number of technical, nut-and-bolt type compliance issues concerning how businesses must make required privacy disclosures, provide opt-outs notices, verify and respond to consumer requests. We’ll discuss the issues the proposed Regulations don’t…

The California Attorney General’s Office released its long-awaited proposed CCPA Regulations this afternoon.  The proposed Regulations are 24 pages long, and address a number of important technical compliance issues including how businesses should: provide just in time notice to consumers of personal information collected; provide notice to consumers of the right to opt out of the sale of personal information; provide notice to consumers of financial incentives; provide a CCPA compliant privacy policy; provide methods for consumers to submit requests to…

The perplexing question of what U.S. companies must do to comply with EU “cookie” law became slightly more clear with the recent decision of the European Court of Justice (CJEU) in Planet49 GmbH, but numerous questions still remain. A main source of confusion about cookies is the interplay between two EU privacy laws, the ePrivacy Directive and the GDPR. The former governs, among other things, the placement of cookies and marketing pixels on the…

Remarks Focus on Account Takeovers, BEC Schemes, Beneficial Ownership, Technological Innovation and SARs FinCEN Director Kenneth A. Blanco delivered prepared remarks on September 24 at the 2019 Federal Identity (FedID) Forum and Exposition in Tampa, Florida. Director Blanco summarized the topics of his remarks by stating the following: First, I would like to tell you a little about FinCEN. Who we are, what we do, and why I am here to speak with you today.…