Technology

Florida is one of several states that has enacted “de-banking” legislation that requires financial institutions to provide consumers with fair access to financial products and services. On May 3, Governor DeSantis signed into law H.B. 989, which amends and expands upon that law and provides additional protection for consumers against discrimination by financial institutions.
Continue Reading Florida Expands its “De-Banking” Law

On June 11, the CFPB announced a proposed rule amending Regulation V, which implements the Fair Credit Reporting Act, to alter the treatment of medical debts in credit reporting. The rule proposes to remove medical bills from most credit reports, disallow the consideration of medical debts in credit decisions, enhance privacy protections, and curtail credit reporting practices that the Bureau deems coercive.
Continue Reading CFPB Proposes Rule to Transform Credit Reporting Practices on Medical Debt

On May 16, the Maryland Office of Financial Regulation (“OFR”) announced a settlement with a Missouri-based bank and its fintech partners for engaging in unlicensed lending, credit repair, and debt collection activities. 

In the OFR’s January 2021 Charge Letter, the agency alleged that the bank and its fintech partners violated Maryland law by its failure to hold a lending, debt collection, and credit repair license. According to the OFR, the bank offered in-store retail credit financing as well as store-branded credit cards to Maryland consumers. 
Continue Reading Maryland Banking Regulator Settles with Bank/Fintech Partnership For Unlicensed Lending, Credit Repair, and Debt Collection Activities

Privacy professionals know “adaptable” programs are important. But what does that really mean? What does it look like? And how do we create one? We know that with the never-ending list of new laws and modifications to existing laws, being adaptable is key. To say nothing of regulatory enforcement and class action exposure. The following are ideas to help create -or modify- your program to be adaptable in face of the constantly changing privacy patchwork.
Continue Reading What Does an Adaptable Privacy Program Look Like?

Minnesota’s governor has now signed into law that state’s comprehensive privacy law. For those keeping count – that is number 19 of state “comprehensive” privacy laws, with six in 2024 alone. The Minnesota law will go into effect on July 31, 2025, thirty days after Tennessee’s.
Continue Reading The Land of 10,000 Lakes Adds New Consumer Privacy Law: Minnesota Joins Privacy Fray

On May 31, the CFPB filed suit in federal court in the Middle District of Pennsylvania against a Pennsylvania-based student loan servicer accusing it of illegally pursuing student loan debts discharged in bankruptcy and providing false information to credit reporting agencies. The CFPB’s lawsuit asks the court to order the servicer to stop its illegal conduct, provide redress to borrowers, and pay a civil penalty.
Continue Reading CFPB Takes Legal Action Against PHEAA for Chasing Debt on Discharged Student Loans

On June 4, the CFPB issued a circular targeting the deceptive use of fine print in consumer financial contracts to include unlawful or unenforceable terms. In a press release issued the same day, the CFPB stressed that these terms may deceive consumers into believing they have relinquished certain rights and protections, guaranteed to them under existing consumer protection laws.
Continue Reading CFPB Circular Targets “Deceptive” Fine Print

On June 3, the CFPB issued its final rule codifying its “repeat offender registry.” The registry will require certain nonbank entities subject to agency or court orders issued in connection with the provision of a consumer financial product or service, to report the existence of such orders to the CFPB’s public registry.
Continue Reading CFPB Final Rule Establishes Registry for Violators of Consumer Finance Laws

At last week’s America’s Physician Group Spring conference in San Diego, California, our team heard firsthand how physicians are leading efforts to integrate Artificial Intelligence (AI) applications in ambulatory and inpatient settings in major healthcare systems across the nation. Physician and IT leaders described in detail their organizations’ efforts to identify safe, cost-effective, desirable ways to leverage AI to enhance the efficiency and quality of patient care and reduce physicians’ administrative workload. Here, we highlight key approaches that have generated early success for various health systems and physician groups, as well as key pitfalls that participants looking to adopt these
Continue Reading How Physicians are Pioneering Use of AI Applications in Ambulatory and Inpatient Care

If your organization has not updated its policies to comply with Utah’s Artificial Intelligence Policy Act (the “Act”), now is the time. As we noted in a prior blog post, this law took effect on May 1st. While it imposes certain AI-related disclosure obligations on businesses and individuals as a whole, the obligations for regulated occupations (which include those licensed by the Utah Division of Professional Licensing, such as clinical services provided by a licensed healthcare provider, including a physician or nurse), are stricter.
Continue Reading Utah Providers – Are You Complying with the AI Policy Act?

The number of bar associations that have issued AI ethics guidance continues to grow, with NJ being the most recent. In its May 2024 report (Report), the NJ Task Force on Artificial Intelligence and the Law made a number of recommendations and findings as detailed below. With this Report, NJ joins the list of other bar associations that have issued AI ethics guidance, including Florida, California, New York, DC as well as the US Patent and Trademark Office. The Report notes that the practice of law is “poised for substantial transformation due to AI,” adding that
Continue Reading NJ Bar Association Warns the Practice of Law Is Poised for Substantial Transformation Due To AI

We’ve cautioned before about the danger of thinking only about US state “comprehensive” laws when looking to legal privacy and data security obligations in the United States. We’ve also mentioned that the US has a patchwork of privacy laws. That patchwork is found to a certain extent outside of the US as well. What laws exist in the patchwork that relate to a company’s activities?
Continue Reading The Privacy Patchwork: Beyond US State “Comprehensive” Laws

On May 23, the U.S. Department of Housing and Urban Development (HUD) announced that Federal Housing Administration-approved Mortgagees are subject to a heightened cybersecurity incident reporting regime. The new requirement, which amends the Single Family Housing Policy Handbook 4000.1, requires FHA-approved Mortgagees to report “suspected” “Significant Cybersecurity Incidents” within 12 hours of detection. 
Continue Reading FHA’s Releases 12-Hour Cyber Incident Notification Rule

On May 16, the CFPB filed a motion for summary judgement in the U.S. District Court in the Southern District of Florida seeking a $20 million civil penalty against a California-based mortgage provider for allegedly submitting inaccurate government mortgage loan data.
Continue Reading CFPB Files Motion for Summary Judgment on HMDA Enforcement Action

On May 30, the CFPB announced that it was probing mortgage closing costs as part of its continued focus on so-called junk fees. The Bureau’s request for information seeks input from the public on “the impact closing costs have on borrowers and the mortgage market, including the degree to which they add overall costs or otherwise cause borrower harm, and any impact such fees may have on the ability to purchase a home, anticipate and afford monthly payments, or refinance an existing mortgage.” 
Continue Reading CFPB Opens Public Probe on Closing Fees