Like most industries today, Consumer Finance Services businesses are being significantly impacted by the novel coronavirus (COVID-19). Troutman Pepper has developed a dedicated COVID-19 Resource Center to guide clients through this unprecedented global health challenge. We regularly update this site with COVID-19 news and developments, recommendations from leading health organizations, and tools that businesses can use free of charge.
Our bank and loan servicing clients also face novel challenges affecting their industry due to COVID-19, particularly the ever-changing rules and regulations concerning evictions and foreclosures. We closely track these updates and have assembled an interactive tracker containing state orders and guidance documents regarding residential foreclosure and eviction moratoriums. You may access this interactive tool at https://covid19.troutman.com/.
To help you keep abreast of relevant activities, below find a breakdown of some of the biggest COVID-19 driven events at the federal and state levels to impact the Consumer Finance Services industry this past week:
Privacy and Cybersecurity Activities
Privacy and Cybersecurity Activities:
On August 24, California Attorney General Rob Bonta reminded health care providers that they need to be in “full compliance with state health data privacy laws[.]” Specifically, the Attorney General told “[health care] entities that they must notify the California Department of Justice (DOJ) when the health data of more than 500 California residents have been breached.” As the pandemic continues, more entities are entrusted with private and deeply personal information. Attorney General Bonta urged health care entities to:
“Keep all operating systems and software housing health data current with the latest security patches;
Install and maintain virus protection software;
Provide regular data security training for staff members that includes education on not clicking on suspicious web links and guarding against phishing emails;
Restrict users from downloading, installing, and running unapproved software; and
Maintain and regularly test a data backup and recovery plan for all critical information to limit the impact of data or system loss in the event of a data security incident.”
For those interested in reading the full announcement, click here.
On August 23, Wired reported that the Power Apps portal service was misconfigured, which led to more than a thousand web applications accessible to the general public, “including data from a number of [COVID]-19 contact tracing platforms, vaccination sign-ups, [and] [COVID]-19 vaccination status.” The report describes that the exposed data came from the Power Apps development platform, making it easy to create web or mobile apps. “If you need to spin up a vaccine appointment sign-up site quickly during, say, a pandemic, Power Apps portals can generate both the public-facing site and the data management backend.” To read the full report, click here. For those interested in learning about privacy guidelines for COVID-19 contact-tracing app makers, click here.