Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.
Our bank and loan servicing clients also face novel challenges affecting their industry due to COVID-19, particularly the ever-changing rules and regulations concerning evictions and foreclosures. We closely track these updates and have assembled an interactive tracker containing state orders and guidance documents regarding residential foreclosure and eviction moratoriums. You may access this interactive tool at https://covid19.troutman.com/.
To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:
Privacy and Cybersecurity Activities
- On September 17, the Consumer Financial Protection Bureau (CFPB) released a report warning that millions of renters and their families may suffer previously avoided economic harms of the COVID-19 pandemic as federal and state relief programs end. The report, “Financial Conditions for Renters Before and During the COVID-19 Pandemic,” finds that some government relief efforts likely helped maintain the financial stability of renters and their families, suggesting that many may be at risk as those programs expire. The report, which compared homeowners and renters, found on average that renters’ economic conditions were significantly more responsive to relief measures, such as stimulus payments and changes in unemployment benefits. As such, when these programs end, renters and their families may be at heightened risk. For more information, click here.
- On September 14, the Federal Trade Commission (FTC) voted to approve and make public a series of resolutions that will enable agency staff to efficiently and expeditiously investigate conduct in core FTC priority areas over the next 10 years. The FTC recommended that the commission authorize eight new compulsory process resolutions in these essential areas: (1) acts or practices affecting U.S. armed forces service members and veterans; (2) acts or practices affecting children; (3) bias in algorithms and biometrics; (4) deceptive and manipulative conduct on the internet; (5) repair restrictions; (6) abuse of intellectual property; (7) common directors and officers and common ownership; and (8) monopolization offenses. For more information, click here.
- On September 13, President Joe Biden announced his intent to nominate Alvaro Bedoya to serve on the FTC. Bedoya would replace Rohit Chopra, who awaits Senate confirmation as director of the CFPB. For more information, click here.
- On January 31, 2022, the pause on interest and payments for federally held student loans will end. The CFPB issued a blog post to assist consumers in preparing for repayment and to inform them of options if they cannot afford payments. For more information, click here.
- On September 14, Virginia Attorney General Mark Herring resolved a multistate investigation led by his Consumer Protection Section into StubHub, Inc. According to the press release, more than 8,300 Virginias were affected when StubHub refused to “pay refunds to consumers for concerts, sports events, and other events that were canceled as a result of the COVID-19 pandemic.” After the investigation began, StubHub agreed to refund ticket purchases made prior to March 25, 2020 and agreed to notify affected customers. For more information, click here.
- On September 14, Arizona Attorney General Mark Brnovich announced his office filed a lawsuit against President Biden and other administration officials over the COVID-19 vaccine mandate for federal employees, federal contractors, and private businesses with more than 100 employees. According to the press release, “[t]his is the first lawsuit in the country to be filed against the Biden [a]dministration’s radical actions requiring COVID-19 vaccines.” In the lawsuit, Attorney General Brnovich argues “Biden’s vaccine mandate violates the Equal Protection Clause by favoring migrants that have crossed into the country illegally over legal U.S. citizens.” For more information, click here.
- On September 9, the California State Assembly passed a bill that would (1) restrict hospitals from selling certain patient debts; (2) require collectors to certify that patients have been screened for public programs and financial assistance before filing a collection lawsuit, and (3) extend the period before a debt could be placed with a collection agency until 180 days after the initial billing. For more information, click here.
- On September 8, Washington State Attorney General Bob Fergus announced a settlement with a debt collector that allegedly sent misleading “settlement offer” letters to resolve debts without disclosing that the debt was time-barred. According to Attorney General Fergus, failure to disclose debts past the statute of limitations violates the state’s consumer protection act. Washingtonians who sent money to the debt collector will receive that money back plus interest from the date of payment. For more information, click here.
Privacy and Cybersecurity Activities:
- On September 15, the FTC issued a statement affirming that mobile applications dealing with health information or other connected devices that collect health information “must comply with the [Health Insurance Portability and Accountability Act’s (HIPAA)] Health Breach Notification Rule[.]” For those unfamiliar with HIPAA’s Health Breach Notification Rule, it requires covered entities to send alerts upon discovering usage or disclosure of personal health information not permitted under HIPAA’s Privacy Rule. Much of the information now collected by health-focused mobile applications includes everything from glucose levels, heart health, and sleep cycles. The FTC’s statement is of particular importance for developers thinking about collecting vaccine status information for verification purposes; check out Troutman Pepper’s Law360 article to learn more about potential privacy issues. For those interested in reading more about the FTC’s statement, click here. To learn more about HIPAA’s implications on COVID-19, consider reading Troutman Pepper’s Privacy and Cybersecurity FAQs by clicking here.
- On September 13, the FTC warned individuals using LGBTQ+ dating apps that scammers have been targeting them to extort them out of their hard-earned cash. With the COVID-19 pandemic forcing people to socialize online, scammers are reportedly posing as potential romantic partners on LGBTQ+ dating apps and collecting conversations or photos to blackmail victims. Scammers threaten individuals by telling victims that unless they pay, scammers will share all of the information they gathered with friends, family, or employers. The FTC shared some tips:
- Check out whom you’re talking to by performing a search to see if their photo or profile matches a different name;
- Don’t share personal information with strangers online; and
- Don’t pay scammers to destroy data because there is no guarantee that the scammers will delete the information.
To read the full announcement, click here.
- Earlier this month, the U.S. Government Accountability Office (GAO) released the results of a study on COVID-19 exposure notification applications, also known as contact tracing. The GAO shared four policy options to assist developers with future challenges, including advice on uniform privacy and security standards. The GAO also noted that developers should consider implementing flexible privacy requirements because jurisdictions’ privacy laws vary across the nation. For those interested in reading more about the GAO’s study, click here. For developers working on contact tracing applications, consider checking out Troutman Pepper’s Law360 article, where we describe privacy guidelines for contact tracing.