Category Archives: Privacy

Keeping Up with Privacy

2017 has arrived. Be on the lookout:

Young woman is looking through a binocularsNew Laws

2016 did not bring dramatic changes to financial services in California, but there are a few key changes to take note of:

  • Data breaches will need to be reported if encrypted information and the encryption key were acquired by an unauthorized person.
  • Licensing will be required for Student Loan Servicers and independent contractors of Residential Mortgage Lenders who engage in activities of loan processing or underwriting.
  • Added CFL licensing exemption for one commercial loan for a 12-month period.
  • Makes mandatory requirements for debt collectors regarding identity theft.
  • Extended Increased Access to Small Dollar Loans pilot program.

For the full summary: jun-soter-2016-california-chapter-law-summary

New Regulatory and Industry Developments

Along with all the predicted changes to the CFPB, as well as:

  • OCC‘s special limited purpose national bank charter proposal for companies who lend money, pay checks or receive deposits. Public comments will be accepted until January 15, 2017. Comments are to be sent to specialpurposecharter@occ.treas.gov
  • Fast Company’s 5 Fintech Startups to Watch
  • PYMT’s 2017 predictions

 

 

Recent Doings By Consumer Financial Service Regulators

Young woman is looking through a binocularsConsumer Financial Service regulators at the federal and state level have been quite productive in 2016. To highlight a few:

CFPB

Dwolla Consent Order (UDAPP application on the payment platform’s data security representations e.g. their “data-security practices ‘exceed industry standards,’ or ‘surpass industry security standards'”)

Proposed Rule to Ban Mandatory Arbitration Clauses in contracts for consumer financial products or services.

Online Payday Lending Study (Press Release Stated: “CFPB Finds Half of Online Payday Borrowers Rack Up an Average of $185 in Bank Penalties”)

CA DBO

A Survey on Consumer and Small Business Online Lenders (survey of 5 years of aggregate data from 13 online lenders)

FTC

Dealing in personal data? Seller Beware”  Warning to lead generators and data brokers in particular–do not sell personal data where there is no legitimate need for the financial information.

** Please note that any information provided on this site is not legal advice, and does not create an attorney-client relationship.

CA Financial Services Related Bills

contract-iconVirtual Currency Act

AB 1326 (Dababneh) as amended 7.6.15

Adds Financial Code 26000 licensing for virtual currency

Creates requirements for persons engaged in any virtual currency business to either obtain a license or qualify for an exemption from licensure to operate in California. Under AB 1326 “‘virtual currency business’ means maintaining full custody or control of virtual currency in this state on behalf of others.”

Virtual currency businesses would be required to pay a $5000 application fee, complete the application form, maintain a trust account/bond to benefit consumers, provide a specified receipt to consumers, submit to examinations. Violations are subject to civil penalties.

Additionally, a virtual currency business in good standing may be eligible to convert their virtual currency business license to a money transmission license under the Money Transmission Act provided meeting certain criteria, which includes “conducting [a] virtual currency business with less than $1,000,000 in outstanding obligations and whose business model, as determined by the commissioner, represents low or no risk to consumers to register with a $500 license fee and, if approved, receive a provisional license to conduct virtual currency business.”

The bill also provides for a provisional license for virtual currency businesses “with less than one million dollars ($1,000,000) in outstanding obligations and whose business model, as determined by the commissioner, represents low or no risk to consumers may register with a five-hundred-dollar ($500) license fee with the commissioner”  They must register with FinCEN as a money services business, if applicable.

Finder’s Fee for Pilot Program for Increased Access to Responsible Small Dollar Loans

SB 235 (Block)

Would increase compensation to finders (entities that bring borrowers and licensed lenders together) from $45/40 to “no more than $70” per loan

The bill would also “require a licensee to provide the commissioner with prescribed information relating to each finder, including, but not limited to, the finder’s delinquency rate and default rate, and would authorize the commissioner to take prescribed action against a finder that is found to be in violation, including, but not limited to, disqualifying the finder from providing services under the pilot program.”

Creates Bank on California under DBO 

AB 1292 (Dababneh)

Various changes to Data Breach Notification Laws

SB 570; AB 83; AB 259; AB 964

 

Suggested Changes to Reg P (GLBA)

data-breach1As a product of the CFPB’s Streamlining Initiative to reduce unnecessary or unduly burdensome regulations,” the CFPB announced a proposal in May to change the requirements for GLBA notices under certain circumstances.

A quick reminder on what Reg P is:

“Regulation P, implementing provisions of the Gramm-Leach-Bliley Act, requires financial institutions to provide annual privacy notices to customers describing the institution’s information sharing practices and explain how a consumer can opt out of the sharing of their information when applicable.”

The proposed changes would allow “financial institutions” (FI) under the GLBA to use the alternate (electronic) method of delivering annual privacy notices if:

(1) The FI doesn’t share a customer’s nonpublic personal information (NPI) with nonaffiliated third parties that trigger opt-out rights;

(2) The FI does not include on its annual privacy notice an opt-out notice under section 603(d)(2)(A)(iii) of the Fair Credit Reporting Act (FCRA)

(3) The FI’s annual privacy notice is not the only notice provided to satisfy the requirements of section 624 of the FCRA;

(4) the information included in the privacy notice has not changed since the customer received the previous notice; and

(5) The FI uses the model form provided in the GLBA’s implementing Regulation P.

The proposed alternative would allow FIs to provide a “clear and conspicuous statement” on a notice or disclosure already sent to the consumer at least once a year that provides the consumer with the following information: that there have been no changes to the privacy policy and that the privacy policy can be accessed on the FI’s website or provided by mail by requesting a copy by calling a toll-free number.

But, generally, paper notices would still need to be mailed if there are changes in the FI’s privacy practices OR if the FI engages in information-sharing activities where a consumer has an opt-out right.

As the CFPB suggests, these changes may benefit both industry and consumers alike. It may save financial institutions large sums of money, as generating the notices, paper and snail mail isn’t cheap.  The question is whether it will make a significant difference to consumers.  Surely I can’t be the only one admits to quickly recycling my notices…

The deadline for comments is July 14, 2014.