|
As a LinkedIn user, I have often seen job seekers lament the fact that prospective employers appear to be engaging in age discrimination in the hiring process. I once interviewed for a job in a law firm, and the attorney conducting the interview opened the discussion by looking at my resume with a pained look on her face, and actually said “You don’t have the years you graduated on your resume” – as if these were relevant considerations. Suffice it to say I was not interested in even setting foot in that firm again, and certainly wouldn’t refer anyone to it.
With job postings seeking “recent graduates,” and interviewers commenting applicants are “over qualified for the job,” it’s no wonder why some applicants remove their respective graduation dates and past experience beyond fifteen years to avoid the age calculations, and seriously question whether age and experience are road blocks to employment and job security. Age discrimination isn’t always easy to prove, especially in light of the U.S. Supreme Court decision in Gross v. FBL Financial Services, Inc., 557 U.S. 167 (2009). In this case, the Court ruled a complainant over the age of 40 under the Age Discrimination in Employment Act of 1967 (ADEA) must prove age was the "but-for" cause for the employer's decision due to the language of the statute. To lighten this evidentiary burden, the U.S. House of Representatives introduced bi-partisan sponsored legislation to amend the ADEA. H.R. 1230 would establish age as a motivating factor for any unlawful employment practice, even though other factors also motivated the practice, thereby allowing the "mixed motive" claims denied in Gross v. FBL Financial Services, Inc. The bill was introduced in February 2019 and amended in January 2020. The legislation would permit a complaining party to rely on any time or form of admissible evidence for a reasonable trier of fact to find that an unlawful practice occurred. It would also authorize a court to grant declaratory and injunctive relief, attorney’s fees and costs; however, despite these authorizations, it would prohibit a court from awarding damages or issuing an order requiring any admission, reinstatement, hiring, promotion, or payment. This sounds a bit circular, so it remains to be seen what this will mean. The bill applies the same standard of proof to other employment discrimination and retaliation claims, including claims under the Civil Rights Act of 1964, the Americans with Disabilities Act of 1990, and the Rehabilitation Act of 1973. The U.S. Equal Employment Opportunity Commission maintains statistics regarding the number of age discrimination claims received under Federal law, which has been between over 14,000 to over 24,000 claims in one year. While age discrimination claims may remain difficult to advance if this legislation is enacted, it will likely increase awareness and the number of allegations. Preparing for this new legislation will require a review of your institution’s job postings, social media posts, interview questions, performance evaluation protocols, and overall management and conduct in the workplace. Veronica Madsen PLEASE NOTE: The information and opinions provided on this blog are not intended to be legal advice. No attorney-client relationship is formed, nor should any such relationship be implied. Nothing on this blog is intended to substitute for the advice of an attorney that is licensed in your jurisdiction. No article may be republished without the express written permission of ESTEE Compliance, LLC. © 2020
0 Comments
The U.S. Department of Justice, on behalf of the Federal Trade Commission (FTC), ordered Mortgage Solutions FCS, Inc. (doing business as Mount Diablo Lending) and its owner, Ramon Walker, to pay a $120,000 penalty for disclosing the personal information of its customers in response to complaints posted on Yelp.com to settle violations of the Federal Trade Commission Act, Regulation P, the Fair Credit Reporting Act (FCRA), the Safeguarding Customer Information rule, and the Dodd-Frank Act provisions regarding Unfair, Deceptive or Abusive Acts or Practices (UDAAP).
Mortgage Solutions is a mortgage broker that collected and maintained nonpublic personal information from applicants and customers. Between approximately June 2015 and August 2016, Walker published responses to complaints posted on Yelp.com, a public website, including information such as customers’ names (first and last) sources of income, debt-to-income ratios, credit histories (e.g., late payments and charge offs), taxes, family relationships and health. Some of the Yelp.com responses included the following statements:
It can be very tempting to respond to complaints containing false allegations against your employees or institution with information you have in a file, and it can be frustrating that these allegations can appear legitimate on public websites due to your inability to address them head-on in the same manner. However, at no time can you include any personal information in any public response – no matter how false or incendiary the postings may be. How you respond communicates more than the complaints alleged, and the consequences can be severe. The FTC settlement announcement can be found here. Veronica Madsen PLEASE NOTE: The information and opinions provided on this blog are not intended to be legal advice. No attorney-client relationship is formed, nor should any such relationship be implied. Nothing on this blog is intended to substitute for the advice of an attorney that is licensed in your jurisdiction. No article may be republished without the express written permission of ESTEE Compliance, LLC. © 2020 On November 12, 2019, the U.S. Senate introduced S.2834 that would amend the Federal Credit Union Act (FCUA) to exclude loans to veterans from the definition of a member business loan (MBL). The U.S. House reintroduced a similar bill, H.R. 2305, in an effort to provide greater access to loans that may be inaccessible due to a credit union’s MBL cap. Both bills have obtained bipartisan support, increasing the odds of passage.
Both bills have been widely praised by the industry and credit union trade associations. However, this bill could have the unforeseen consequence of impacting access to veteran loans if a number of credit unions have as yet avoided implementing a costly commercial loan program, or impose new loan program and compliance expenses 180 days after the enactment of the FCUA amendment to provide a needed service to veteran members. If veteran loans are excluded from the MBL definition, business loans to veterans would naturally become commercial loans under the law. The National Credit Union Administration (NCUA) would be required to amend the definition of “commercial loan” under Part 723.1 to include veteran loans, without the ability to provide the flexibility to include them as MBLs. [As an aside, the NCUA should take the opportunity to fix the mistake made after the passage of the 2018 Economic Growth Act where non-occupied, investment property loans were excluded as MBLs, but not included as commercial loans (see ESTEE Compliance Blog dated 6/11/2018).] Part 723.4 imposes a number of commercial loan program requirements for business loans that fall outside the MBL definition. However §723.1(b) excludes credit unions from the commercial loan policy, and the board and management requirements of the rule if all of the following conditions are met:
At the time Part 723 was revised in February 2016, NCUA MLB Final Rule Summary estimated 660 smaller credit unions, representing 30 percent of credit unions with MBLs, would receive this exemption. According to the NCUA’s Industry at a Glance, as of March 31, 2019, the average credit union asset size is $283 million, which represents a likely reduction in the number of these exemptions since the passage of the 2016 MBL rule revision. Some credit unions falling outside this exemption without the proper resources or staff experience have decided not to write commercial loans to avoid the expense and compliance burdens associated with a commercial loan program. These bills may force their hand or risk a reduction in access to business loans for veterans. Before the celebration of removing veteran loans from the MBL cap begins, there are some questions to be answered:
Now is the time to consider the implications of an FCUA amendment and begin preparations that may impact your staff and budget for 2020 – despite the drama and many distractions occurring in Congress that will likely delay passage of this bipartisan legislation – to ensure our veterans receive the services they need from the industry. Veronica Madsen PLEASE NOTE: The information and opinions provided on this blog are not intended to be legal advice. No attorney-client relationship is formed, nor should any such relationship be implied. Nothing on this blog is intended to substitute for the advice of an attorney that is licensed in your jurisdiction. No article may be republished without the express written permission of ESTEE Compliance, LLC. © 2019 The California Attorney General recently released its proposed regulation to the California Consumer Protection Act (CCPA). The CCPA, a privacy statute, was enacted in 2018 and takes effect on January 1, 2020. Text of the CCPA can be found here, and text of the proposed regulation can be found here. Comment is due by December 6, 2019.
Two items to note regarding the law and the proposed regulation. First, if your institution meets the coverage criteria below, the law’s exemption for financial institutions is not a blanket exemption. Second, the proposed regulation imposes a substantial burden regarding website disclosures for those that are covered under the law. CCPA Coverage The CCPA applies to each business that collects personal information about consumers. A “business” is defined as follows:
“Personal information” includes “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household…” such as a real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, social security number, driver’s license number, passport number, Internet browsing history, geolocation data, and employment-related information. The CCPA exempts the collection, processing, selling or disclosure of a consumer’s personal information pursuant to a specified federal law relating to “banks, brokerages, insurance companies…,” which would be covered under the Gramm-Leach-Bliley Act (GLBA). However, the GLBA only protects nonpublic personal information of consumers and customers used for “personal, family or household use,” and you will note the CCPA definition is more expansive. What does this mean? Institutions covered by the CCPA would remain covered for personal information collected from sole proprietors, prospective employees, independent contractors, and (potentially) website visitors. CCPA Proposed Disclosure Requirement The proposed CCPA regulation would require the privacy notices to be “accessible to consumers with disabilities. At a minimum, provide information on how a consumer with a disability may access the notice in an alternative format.” These notices have to be seen before a business collects the information, so if the website is the first contact with a consumer, the website would be required to provide accommodations. What the proposed regulation fails to provide is a definition of “disabilities,” or any guidance on what the minimum requirements would be. Taking into account the various forms of disability, compliance with this requirement would be quite burdensome. Many financial institutions will not be required to comply with the CCPA. However, it is still worth reviewing, as fourteen other state legislatures have introduced bills to provide greater privacy protections than the (GLBA) provides. The International Association of Privacy Professionals (IAPP) maintains an updated state privacy law comparison chart, which can be found here. In the event additional states pass such laws, the CCPA could well be the model used to draft them. Veronica Madsen PLEASE NOTE: The information and opinions provided on this blog are not intended to be legal advice. No attorney-client relationship is formed, nor should any such relationship be implied. Nothing on this blog is intended to substitute for the advice of an attorney that is licensed in your jurisdiction. No article may be republished without the express written permission of ESTEE Compliance, LLC © 2019 Noteworthy Sixth Circuit Court of Appeals Rulings for Financial Institutions in August 20199/19/2019 The Sixth Circuit Court of Appeals released two opinions of import to financial institutions in late August 2019.
In the first case, Karla Brintley v. Aeroquip Credit Union; Belle River Community Credit Union, Karla Brintley, who is blind, sued the two credit unions under Article III of the Americans with Disabilities Act and Michigan state law for failure to make their respective websites accessible to blind individuals. Thus far, all of the cases filed against credit union for ADA noncompliance have been dismissed for a lack of standing due to the fact the plaintiffs have all been non-members of each credit union defendant. The credit unions at the district court level had filed motions to dismiss because, as a non-member, Brintley did not have standing to sue under Title III. The District Court rejected the credit unions’ motions to dismiss the case, but the Sixth Circuit overturned this ruling and dismissed both suits. Though the decision represented a victory for the credit union industry in the Sixth Circuit Court states of Kentucky, Michigan, Ohio and Tennessee, it was a narrow one and represents a shift in the way these cases have been decided. According to the Court, “...if she had claimed an interest in joining one of the credit unions, she would have been on the same footing as a sighted individual engaged in the same [membership] inquiry. But no, that is not her position. She has not conveyed any intent to join either credit union.” Relying on Griffin v. Dep’t of Labor Fed. Credit Union, 912 F.3d 649, 653 (4th Cir. 2019), without “a connection between the plaintiff and the defendant,” Brintley lacked the requisite standing to sue. Had Brintley merely expressed an interest in becoming a member and taken steps to become eligible for membership, the credit unions would have lost these cases. Additionally, the concurring opinion is both instructive and concerning regarding the membership issue. The concurring judge wrote separately “to make clear that my concurrence is based only on Brintley’s failure to sufficiently allege that the websites contained information or services that she could use, and not on the proposition that a non-member or non-eligible person is per se unable to challenge the accessibility of a credit union’s website.” What does this mean? Standing in future ADA-related website lawsuits could be met by membership-eligible non-members who merely allege an interest in joining the credit union. It may be more expensive to keep fighting these cases than it would be to make the credit union websites ADA compliant. In the second case, Michael L. Scott; Linda A. Larkin v. First Southern National Bank, the plaintiffs sued the bank for, among other things, violating the Fair Credit Reporting Act (FCRA) by willfully and/or negligently failing to fully and timely investigate plaintiffs’ complaints of inaccurate reporting of credit information to credit reporting agencies, as well as tortiously interfering with plaintiff’s business relationships by deliberately reporting false credit information. The District Court granted the bank’s motion for summary judgment, which the Sixth Circuit affirmed. The plaintiffs had a number of loans with the bank, including a construction loan and a line of credit. The plaintiffs’ credit line with the bank was set to mature while their request to renew itwas pending, so the bank agreed to accept interest-only payments. However, the bank failed to extend the maturity date, and after the plaintiffs failed to make the interest payments for two months, the bank’s computer system generated automated delinquency notices. The plaintiffs obtained financing elsewhere for their construction project, and used some of the proceeds to completely pay off the bank. Plaintiffs obtained an attorney who submitted a letter to the bank that their credit report continued to show a delinquency even though no money was owed to the bank, and a second letter five months later that the issue was not resolved. The bank submitted an additional correction to the credit reporting agencies, and the plaintiffs filed their lawsuit. The Sixth Circuit ruled the district court properly dismissed this claim because the plaintiffs never notified a consumer reporting agency regarding their dispute, which is “a prerequisite for prevailing on their FCRA claims.” The bank’s duty to investigate the dispute was never triggered because the furnisher (i.e., the bank) must have received a notice from a credit reporting agency – not the plaintiffs – that the credit information was disputed. The district court was also ruled to have correctly dismissed the tortious interference claim because it arose from the bank’s reporting incorrect information to the credit reporting agencies, and the FCRA preempts state law that relates to a furnisher’s submission of credit information to these agencies. The Court held the FCRA preempts both state statutory and state common law (i.e., lawsuit) claims. The moral of this story is important for all financial institutions: Filing successful FCRA claims, as well as successfully getting such lawsuits dismissed, requires in-depth knowledge of the FCRA and how it protects both consumers and furnishers of credit information. Veronica Madsen PLEASE NOTE: The information and opinions provided on this blog are not intended to be legal advice. No attorney-client relationship is formed, nor should any such relationship be implied. Nothing on this blog is intended to substitute for the advice of an attorney that is licensed in your jurisdiction. No article may be republished without the express written permission of ESTEE Compliance, LLC. © 2019 On August 28, 2019, the Eleventh Circuit Court of Appeals published its opinion in Regions Bank v. Legal Outsource PA regarding whether a guarantor is considered an “applicant” under the Equal Credit Opportunity Act (ECOA). The Eleventh Circuit handles federal appeals arising from cases tried in Alabama, Georgia and Florida.
Legal Outsource PA, a law firm wholly owned by Charles Phoenix, defaulted on a Regions Bank loan that triggered the default of a loan and mortgage Regions issued to Periwinkle Partners, LLC, an entity wholly owned by Phoenix’s wife, Lisa Phoenix. In the Regions Bank actions to enforce its rights under the loan and mortgage, Lisa Phoenix filed a counterclaim that Regions discriminated against her and Charles based on their marital status by demanding Charles Phoenix and Legal Outsource guarantee the Periwinkle loan. The district court ruled Lisa Phoenix’s counterclaims failed because she lacked standing, as a guarantor is not an “applicant” under the ECOA entitled to anti-discrimination protections. The Eleventh Circuit affirmed this decision. Phoenix argued Regulation B § 202.2(e), which implements the ECOA, provides the term “applicant” includes guarantors, and §202.7(d)(1) prohibits the signature of a spouse, other than a joint applicant, on any credit instrument if the applicant independently qualified as creditworthy. The appeals court reasoned the “applicant” under the ECOA is defined as “any person who applies to a creditor directly for…credit, or applies to a creditor indirectly by use of an existing credit plan for an amount exceeding a previously established credit limit.” The court ruled it did not need to defer to the Regulation B definition because the statute’s definition is unambiguous. This ruling differs from the Sixth Circuit Court of Appeals decision in RL BB Acquisition, LLC v. Bridgemill Commons Dev. Grp, which held the definition of “applicant” under the ECOA was ambiguous and, therefore, deferred to the Consumer Financial Protection Bureau’s interpretation under Regulation B that guarantors are “applicants.” The Sixth Circuit handles federal appeals arising from cases tried in Kentucky, Michigan, Ohio and Tennessee. This case could go to the U.S. Supreme Court. Why? Not only are the appeals courts split, this issue already was tried before the Supreme Court. On March 22, 2016, the Court upheld the Eight Circuit Court of Appeals decision in Hawkins v. Community Bank of Raymore that spousal guarantors could not bring a discrimination claim against creditors under the ECOA because the guarantors did not qualify as “applicants.” However, the Supreme Court’s decision was 4-4, which means the issue is only affirmed and precedential in the Eighth Circuit. The Eighth Circuit handles federal appeals arising from cases tried in Arkansas, Iowa, Minnesota, Missouri, Nebraska, North Dakota and South Dakota. While we can speculate as to how a full court would rule, it remains to be seen whether a writ of certiorari will be filed to appeal this Eleventh Circuit decision. Veronica Madsen PLEASE NOTE: The information and opinions provided on this blog are not intended to be legal advice. No attorney-client relationship is formed, nor should any such relationship be implied. Nothing on this blog is intended to substitute for the advice of an attorney that is licensed in your jurisdiction. No article may be republished without the express written permission of ESTEE Compliance, LLC. © 2019 The Eleventh Circuit Court of Appeals released its opinion in Federal Deposit Insurance Corporation v. R. Charles Louderman, Sr., et al on July 22, 2019. The court upheld the District Court for the Northern District of Georgia’s decision finding the directors of the shuttered Buckhead Community Bank jointly and severally liable for negligence.
The Federal Deposit Insurance Corporation (FDIC) closed a failing Georgia bank in 2009 after it suffered millions of dollars in losses due to bad loans. After the FDIC was receiver of the failed bank, the agency sued the directors and officers for negligence and gross negligence for approving ten risky loans resulting from the failure to conduct proper research. The District Court awarded the FDIC nearly $5 million in damages. The directors were unsuccessful in advancing their arguments that the District Court should have apportioned the director liability because not all of the directors attended the board meetings where the loans were presented and approved. Aside from Georgia law precluding such an argument, the Bank’s quorum-approval policy allowed the Directors’ Loan Committee members “to act as agents for each other.” The policy required unanimous consent for loans to be approved, and at no time did any member - present or absent from the meeting - object to the approval of the loans at issue. As the court stated, “...the absent members, by not exercising their veto power, allowed the quorum to speak for them.” Lending credence to the negligence claim was the fact that the loan packet information was unreliable. For one of the loans at issue, the loan packet included an appraisal for the land, with the incorrect assumption the land had been rezones at the time of the appraisal. Another loan packet failed to include information related to creditworthiness, but did contain irrelevant information the applicant belonged to a country club. What can be learned from this case? First, a review of the board policies is in order to determine whether actions taken by those present at meetings can negatively impact those not present when important decisions are made. Second, loan packets should be audited/reviewed before they are presented to the board committee for approval, ensuring all board members receive the information in a sufficient amount of time before the approval vote. Third, board members must be actively engaged by carefully reviewing all submitted information, asking questions, and ensuring all policy requirements have been met before approving any request. Veronica Madsen PLEASE NOTE: The information and opinions provided on this blog are not intended to be legal advice. No attorney-client relationship is formed, nor should any such relationship be implied. Nothing on this blog is intended to substitute for the advice of an attorney that is licensed in your jurisdiction. No article may be republished without the express written permission of ESTEE Compliance, LLC. © 2018 The courts deciding issues under the Telephone Consumer Protection Act (TCPA) in 2018 did little to provide greater clarity on how callers can effectively avoid liability for telephone calls and text messages to consumers. Until the Federal Communications Commission (FCC) issues another TCPA Order in light some of these court decisions, Congress passes amendments to the law, and/or the U.S. Supreme Court addresses the conflicting decisions of the various appeals courts, compliance with the TCPA will depend on where you do business.
What is an “Automated Telephone Dialing System”? Perhaps the area of greatest confusion and risk of liability lies with the issue of how an automated telephone dialing system (ATDS) is defined. The FCC 2015 Order interpreted an ATDS to include equipment that has the potential ability to dial randomly or sequentially, including by the modification of equipment or adding software to provide these capabilities in the future. A number of entities, including ACA International, requested judicial review of the 2015 Order. On March 16, 2018, the D.C. Circuit Court of Appeals in ACA International v. FCC rejected the FCC’s 2015 interpretation of an ATDS. The court ruled it is unreasonable to conclude a smartphone qualifies as an ATDS “because they have the inherent ‘capacity’ to gain ATDS functionality by downloading an app.” The focus, the court ruled, should be on “how much is required to enable the device to function as an autodialer.” In response to this decision, the FCC sought the following comment on TCPA interpretations:
Comment had ended on June 28, 2018, but the FCC reopened its comment call after the Ninth Circuit Court of Appeals expanded its interpretation of an ATDS in its Marks v. Crunch San Diego, LLC decision dated September 20, 2018. In this case, gym operator Crunch was alleged to have violated the TCPA by sending promotional text messages using an ATDS without consent. The Ninth Circuit ruled the TCPA’s language was “ambiguous on its face” regarding whether the phrase “using a random or sequential number generator” modifies both “store” and “produce.” The court interpreted the TCPA to mean an ATDS is “not limited to devices with the capacity to call numbers produced by a ‘random or sequential number generator’ but also includes devices with the capacity to stored numbers and to dial store numbers automatically.” Note: The Ninth Circuit covers Arizona, California, Idaho, Nevada, Montana, Oregon and Washington. As a result of the Marks decision, the FCC requested comment on the following questions:
This comment period ended on October 24, 2018. On October 30th, the Ninth Circuit denied the defendant’s Petition for Rehearing En Banc. Crunch has 90 days to submit a Petition for Writ of Certiorari with the Supreme Court. Given the different appellate court rulings on the ATDS definition, it is highly likely this issue will go before the U.S. Supreme Court regardless of how the FCC rules. For example, on June 26, 2018, the Third Circuit Court of Appeals in Dominguez v. Yahoo ruled in light of the D.C. Circuit’s ACA International decision, a plaintiff must prove a phone system has the present capacity (and not the potential capacity) to generate random and sequential telephone numbers and dial those numbers. In Dominguez, the consumer received approximately 27,800 text messages in 17 months from Yahoo on his used smartphone alerting him to Yahoo emails he was receiving. Because the prior owner of the phone had enrolled the number in Yahoo’s text messaging notification system, Yahoo responded to his request to stop the messages that the service could only be stopped if the former owner of the phone disabled it himself. The court ruled Yahoo’s Email SMS Service did not have the present capacity to function as an ATDS. Note: The Third Circuit Court of Appeals covers Delaware, New Jersey, Pennsylvania and the Virgin Islands. On June 29, 2018, the Second Circuit Court of Appeals in King v. Time Warner Cable sided with the ACA International decision that the term “capacity” means a device’s present functions, and remanded the case back to the District Court to determine whether TWC’s systems had the ability to perform the functions of an ATDS when it made the calls to King. King, the plaintiff and a customer of Time Warner Cable (TWC), agreed to receiving telephone calls, including automated messages. King sued TWC after receiving over 150 automated voice message collection calls for another customer who had owned her cell phone number, even after requesting the calls cease. Note: The Second Circuit Court of Appeals covers Connecticut, New York and Vermont. Who is the “Called Party”? The ACA International Court affirmed the 2012 Seventh Circuit Court of Appeals decision in Soppet v. Enhanced Recovery Company, LLC that the “’called party’ means the person subscribing to the called number at the time the call is made.” While neither King nor Dominguez were the intended parties called or texted, neither case addressed the meaning of the “called party” as an issue. Revocation of Consent In 2018, the courts treated the issue of consent revocation differently as well. After receiving a number of calls with prior express consent, the plaintiff in McMillion v. Rash Curtis & Associates told the defendant: “I told you guys to stop called [sic] me, but you guys keep calling me…I asked you nicely to stop calling and that I didn’t have anything that you needed at the moment but if I do come across it I’ll definitely give you guys a call. But you guys are not supposed to be calling me.” The U.S. District Court for the Northern District of California on February 2, 2018 denied the defendant’s argument that revocation of consent must “clearly express his or her desire not to receive further calls,” and held in that service of a legal complaint operates as revocation as a matter of law. However, the U.S. District Court for the Northern District of Ohio ruled on April 30, 2018 in Barton v. Credit One Financial that the plaintiff could not orally revoke consent when the contract specifically required a revocation in writing. The court held the plaintiff could not “unilaterally alter the terms of the agreement to claim that his oral revocation of consent was valid.” The FCC’s 2015 Order provides a different standard. The order provides revocation must be reasonable, which is determined by the totality of the circumstances. Callers cannot may not designate a method of opting out in ways that make it difficult or impossible to revoke consent. The D.C. District Court in ACA International held callers “have every incentive to avoid TCPA liability by making clearly-defined and easy-to-use opt-out methods.” On March 28, 2018, the U.S. District Court for the District of New Jersey ruled in Rando v. Edible Arrangements that the Plaintiff’s efforts were not reasonable. Edible Arrangements instructed consumers to reply “STOP” to cease future text messages. The Plaintiff instead texted: (1) “Take my contact info off please”; (2) “I want to confirm that I have been removed off your contacts”; (3) “I asked to be removed from this service a few times. Stop the messages ; and (4) “Again I want to stop this service thank you.” On October 26, 2018, the Ninth Circuit ruled in Epps v. Earth Fare, Inc. that the plaintiff’s attempt to stop text messages from the defendant with texts such as “I would appreciate if we discontinue any further texts” and “Thank you but I would like the texts messages to stop can we make that happen” were not reasonable because it was communicated to just text “Stop.” Congressional Action Both the U.S. House of Representatives and the U.S. Senate have drafted legislation amending the TCPA. The “Stopping Bad Robocalls Act” (H.R. 6026 and S. 3078), would add a new definition of “robocall” in place of an ATDS. The new term would include devices that making calls using “numbers stored on a list” (in addition to dialing random or sequential numbers). The new definition clarifies robocalls do not include using equipment where “substantial additional human intervention” is required to place the call. The bills would also require the FCC to establish a nationwide database of reassigned telephone numbers. Voice providers would have to ensure information is accurate and prevent calls from connecting where caller ID verification cannot be made. The bills would also extend the statute of limitations for FCC enforcement of TCPA violations from 1 year to 4 years. It remains to be seen whether either bill will pass out of committee to a full vote. Veronica Madsen PLEASE NOTE: The information and opinions provided on this blog are not intended to be legal advice. No attorney-client relationship is formed, nor should any such relationship be implied. Nothing on this blog is intended to substitute for the advice of an attorney that is licensed in your jurisdiction. No article may be republished without the express written permission of ESTEE Compliance, LLC. © 2018 The Consumer Financial Protection Bureau has amended Regulation Pto implement changes to the Gramm-Leach-Bliley Act regarding the conditions under which financial institutions—including credit unions—need not provide annual privacy notice to consumers.
The final rule provides an exception to the requirement to provide an annual notice to “customers,” as defined in Regulation P §1016.3(i), herein referred to as “members.” To qualify for the annual privacy notice exception, the following two conditions must be met:
However, credit unions that choose to take advantage of the annual notice exception must still provide any opt-out disclosures required under the FCRA, if applicable, though they are not required annually. Credit unions can provide these disclosures through other methods, for example, through their initial privacy notices in most circumstances. When the Exception No Longer AppliesUnder the final rule, when the exceptions are no longer met, an annual privacy notice must be provided. The timing of the required annual notice differs, depending on whether the change that causes the credit union to no longer qualify for the annual notice exception also triggers a requirement under Regulation P to deliver a revised notice. Section 1016.8 requires credit unions to provide revised notices to members before nonpublic personal information is shared with a nonaffiliated third party if their sharing would be different from what was described in the initial notice delivered. After delivering the revised notice, the credit union must also give the member a “reasonable opportunity” to opt out of any new information sharing beyond the Regulation P exceptions before the new sharing occurs. When an annual notice is required, it must be provided ‘‘at least once in any period of 12 consecutive months.’’ A credit union may define the 12-consecutive-month period but must apply it to the customer on a consistent basis. When the annual notice requirement is triggered, credit unions must deliver the annual notice within 100 days after the change that caused the exception to be lost. The final rule provides an example for when a credit union must provide an annual notice after it no longer meets the exception. The example assumes that a credit union changes its policies or practices effective April 1 of year one and defines the 12-consecutive-month period as a calendar year. The regulation states the credit union must provide an annual notice by December 31 of year two if the credit union was required to provide a revised notice prior to the change and provided that revised notice on March 1 of year one in advance of the change. The credit union must provide an annual notice by July 9 of year one if the credit union was not required to provide a revised notice prior to the change. When the credit union once again meets the exception after having to provide annual notices, the annual notice would no longer be required. Alternative Delivery Method Effectively Eliminated Previously under Regulation P, credit unions using the alternative delivery method were required to mail annual notices to members who requested them by telephone. Credit unions were also required to include a clear and conspicuous statement of availability at least once a year on an account statement, coupon book, or a notice or disclosure the credit union issued under any provision of law. The final rule has eliminated the alternative delivery method for providing the annual privacy notice. Credit unions that meet the conditions to use the alternative delivery method will also meet the conditions of the annual privacy notice exception. Credit unions that qualify for the new annual notice exception may still choose to post privacy notices on their websites, and/or deliver privacy notices to members upon request. Such activities will not affect the eligibility for the new exception. This final rule became effective on Sept. 17, 2018. The Economic Growth, Regulatory Relief, and Consumer Protection Act (SB 2155), among other regulatory relief provisions, amended the 2015 Home Mortgage Disclosure Act to provide partial exemptions from the collection and reporting of the expanded 2015 HMDA data points.
While the law lowers the number of institutions reporting sensitive financial information of mortgage loan applicants, it does not go far enough in that it does not address the issue of keeping certain HMDA data points from being made public. Given the ongoing data security concerns at the Consumer Financial Protection Bureau, the privacy issue must be addressed in a manner that goes much further than what the CFPB proposed in its July 5 statement. SB 2155 Amendments to 2015 HMDA Rule In part, the 2015 HMDA rule added 25 new data points on the loan/application register for both closed-end and open-end lines of credit. This rule requires reporting of the new HMDA data points for mortgage-lending institutions that originated at least 25 closed-end mortgage loans or at least 500 open-end lines of credit in each of the two preceding calendar years (i.e., calendar years 2018 and 2019). SB 2155 amends the exemption threshold for both closed-end mortgage loans and open-end lines of credit to fewer than 500 such loans and lines of credit in the preceding calendar year. Note: The current CFPB HMDA summary provides the open-end lines of credit exemption will be reduced to 100 such lines of credit beginning on Jan. 1, 2020, unless the CFPB takes “further action.” SB 2155 appears to make this 500 open-end lines of credit exemption threshold permanent. Under SB 2155, for mortgage lenders meeting the closed-end mortgage loans or open-end lines of credit reporting exemption, the requirements of HMDA §304(b)(5) and (6) will not apply. What this means is that mortgage lenders meeting the closed-end and open-end thresholds will not have to record and report the new HMDA data points, but must still record and report the original 21 HMDA data points on the LAR, which are as follows:
CFPB Proposal Regarding Privacy of HMDA Data Also anticipated is the final HMDA rule proposed by the CFPB in September 2017 regarding the data that will be made available to the public beginning in 2019 for mortgage lenders that exceed the exemption thresholds provided by SB 2155.
The loan amount, age of the applicant, the applicant’s debt-to-income ratio and the property value each would be disclosed as a range or an interval. Loan amounts would be reported in intervals of $10,000 as opposed to the nearest $1,000. Data Security Concerns More will need to be done to protect non-public personal information from being disseminated to the public, as there continue to be data security concerns at the CFPB. For example, the October 2017 Audit of the CFPB’s Information Security Program conducted by the Office of Inspector General found the agency did not mandate the use of personal identity verification credentials for its privileged and non-privileged users, which “poses an increased risk of unauthorized access to the CFPB’s information systems.” Additionally, CFPB “has not ensured that background checks are completed for contractor personnel performing IT work.” The OIG’s January 2018 Audit of the CFPB’s Encryption of Data on Mobile Devices found “the CFPB has not been able to provide a full accounting of all laptops that have been assigned to users since the establishment of the agency.” In his April 11, testimony presenting the “2018 Semi-Annual Report of the Bureau of Consumer Financial Protection” to Congress, then CFPB Director Mick Mulvaney told lawmakers that the CFPB had suffered 240 data security "lapses" and another 800 "incidents.” Though none have been deemed a major security breach, concerns remain regarding whether the sensitive financials of mortgage loan applicants and home buyers should be transmitted, stored and shared. Until greater consumer protections are provided, we will have to settle for fewer institutions reporting this data. Veronica Madsen is CEO at ESTEE Compliance, LLC in the Detroit area. Note: The information and opinions provided on this blog are not intended to be legal advice. No attorney-client relationship is formed, nor should any such relationship be implied. Nothing on this blog is intended to substitute for the advice of an attorney that is licensed in your jurisdiction. No article may be republished without the express written permission of ESTEE Compliance, LLC. © 2018 |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
October 2018
Categories |
RSS Feed
Proudly powered by Weebly