On October 16, the New York State Department of Financial Services (NY DFS) issued an industry letter to entities regulated by NY DFS (covered entities) providing guidance addressing the cybersecurity risks associated with...more
10/31/2024
/ Artificial Intelligence ,
Covered Entities ,
Cyber Attacks ,
Cybersecurity ,
Data Management ,
Financial Services Industry ,
NYDFS ,
Risk Assessment ,
Risk Management ,
Social Engineering ,
Third-Party Risk
This week, the Consumer Financial Protection Bureau (CFPB or Bureau) issued its final rule on personal financial data rights, purportedly aimed at enhancing consumer control over their financial data and promoting competition...more
10/24/2024
/ Banks ,
Consumer Data Requests ,
Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Data Management ,
Dodd-Frank ,
Final Rules ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Open Banking
On September 24, the Consumer Financial Protection Bureau (CFPB or Bureau) announced a significant development in its efforts to implement open banking rules in the United States. The Bureau has initiated a public comment...more
Join Kim Phan, co-host of the Troutman Pepper podcast, FCRA Focus, as she welcomes special guests from the Credit Builders Alliance (CBA). In this episode, Chief Technical Officer Elisabeth Johnson-Crawford and Manager of...more
Using AI in HR - Hire or Hover? Hiring executives are asking if the compliance costs and discrimination risks outweigh the anticipated benefits of using artificial intelligence (AI) tools for hiring and employment-related...more
9/18/2024
/ Algorithms ,
Americans with Disabilities Act (ADA) ,
Artificial Intelligence ,
Civil Rights Act ,
Corporate Counsel ,
Data Protection ,
Data Protection Impact Assessments (DPIAs) ,
Employment Discrimination ,
Hiring & Firing ,
Human Resources Professionals ,
Machine Learning ,
Title VII
In this episode of The Consumer Finance Podcast, Chris Willis is joined by privacy Partner Kim Phan and Rami Haddad, deputy general counsel at PRA Group. This episode delves into a range of emerging privacy issues impacting...more
In this special crossover episode of The Consumer Finance Podcast and FCRA Focus, host Kim Phan is joined by fellow Troutman Pepper partner Stefanie Jackman and Michelle Macartney, managing partner and chief compliance...more
In this episode of FCRA Focus, host Kim Phan is joined by fellow Troutman Pepper partner Stefanie Jackman and Michelle Macartney, managing partner and chief compliance officer at Bridgeforce. Together, they delve into the...more
Rhode Island has become the 19th U.S. state to enact a comprehensive privacy law. On June 25, Rhode Island Governor Daniel McKee (D) transmitted the Rhode Island Data Transparency and Privacy Protection Act (RI-DTPPA) into...more
On June 11, the Consumer Financial Protection Bureau (CFPB or Bureau) released a proposed rule amending Regulation V, which implements the Fair Credit Reporting Act (FCRA), concerning medical debt. The proposed rule would...more
6/13/2024
/ Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Consumer Reporting Agencies ,
Debt Collection ,
Fair Credit Reporting Act (FCRA) ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Medical Debt ,
Proposed Rules ,
Regulation V ,
Regulatory Agenda ,
Reporting Requirements
Wednesday, the Consumer Financial Protection Bureau (CFPB or Bureau) announced it has finalized a rule outlining the qualifications to become a recognized industry Standard Setter body (Standard Setter Rule). These bodies...more
On May 24, Minnesota Governor Tim Walz (D) signed the Minnesota Consumer Data Privacy Act (MCDPA) into law. The MCDPA largely aligns with previous state consumer privacy laws, but it introduces some significant and novel...more
On May 9, Maryland became the second state to enact an (AADC), the Maryland Kids Code, alongside the Maryland Online Data Privacy Act (MODPA) — Maryland’s first comprehensive data privacy bill. Maryland’s AADC follows...more
On May 9, Maryland Governor Wes Moore signed the Maryland Online Data Privacy Act (MODPA) into law, making Maryland the 17th state to enact a comprehensive privacy law. Despite its name, MODPA’s coverage is not limited to...more
On May 8, attorneys general (AG) from 14 states and the District of Columbia sent a letter to Congressional leadership opposing provisions of the recently proposed federal American Privacy Rights Act (APRA). In addition to...more
In this episode of Troutman Pepper's FCRA Focus podcast, host Kim Phan delves into the topic of dispute resolution through the e-OSCAR system with special guest, Joel Strickland, the director of customer success at e-OSCAR....more
On April 12, Nebraska Governor Jim Pillen signed Legislative Bill 1074 into law, making Nebraska the 16th U.S. state to enact a comprehensive privacy law. The Nebraska Data Privacy Act (NEDPA) will take effect on January 1,...more
4/29/2024
/ Cybersecurity ,
Data Collection ,
Data Privacy ,
Data Protection ,
Gramm-Leach-Blilely Act ,
Health Insurance Portability and Accountability Act (HIPAA) ,
Opt-In ,
Personal Data ,
Personal Information ,
Risk Assessment ,
Small Business ,
State Data Privacy Laws
On April 7, House Energy & Commerce Committee Chair Cathy McMorris Rodgers (R-WA) and Senate Commerce Committee Chair Maria Cantwell (D-WA) announced a bipartisan, bicameral draft of comprehensive data privacy legislation,...more
4/16/2024
/ Consumer Privacy Rights ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
Federal Trade Commission (FTC) ,
Personal Data ,
Privacy Policy ,
Proposed Legislation ,
Regulatory Agenda ,
Regulatory Oversight ,
Regulatory Reform
On April 8, the U.S. Department of Justice (DOJ) released its Final Rule to revise existing regulations implementing Title II of the Americans with Disabilities Act (ADA). This Final Rule clarifies the obligations of state...more
4/12/2024
/ Americans with Disabilities Act (ADA) ,
Consumer Financial Products ,
Department of Justice (DOJ) ,
Final Rules ,
Financial Services Industry ,
Mobile Apps ,
State and Local Government ,
Title II ,
Title III ,
Web Content Accessibility Guidelines (WCAG) ,
Website Accessibility ,
Website Owner Liability ,
Websites
On March 28, the Federal Trade Commission (FTC) released a Privacy and Data Security Update, highlighting the FTC’s activities in recent years through December 2023. The FTC underscored its work on issues related to...more
4/12/2024
/ Algorithms ,
Artificial Intelligence ,
COPPA ,
Cybersecurity ,
Data Privacy ,
Do Not Call List ,
Fair Credit Reporting Act (FCRA) ,
Federal Trade Commission (FTC) ,
FTC Act ,
Gramm-Leach-Blilely Act ,
Machine Learning ,
Popular ,
Regulatory Agenda ,
Risk Management
On April 4, Kentucky Governor Andy Beshear signed the Kentucky Consumer Data Protection KCDPA (the KCDPA) into law, making Kentucky the third state in 2024 to enact a comprehensive privacy law (following New Jersey and New...more
In a recent speech at the Financial Data Exchange Global Summit, Rohit Chopra, Director of the Consumer Financial Protection Bureau (CFPB), discussed the current state of open banking in the United States and emphasized the...more
3/19/2024
/ Anti-Competitive ,
Banks ,
CFPB Director ,
Consumer Financial Products ,
Consumer Financial Protection Bureau (CFPB) ,
Financial Institutions ,
Financial Regulatory Reform ,
Financial Services Industry ,
Open Banking ,
Proposed Rules ,
Standard Setting Organizations
On March 6, 2024, New Hampshire Governor Chris Sununu signed Senate Bill 255 into law, making New Hampshire the 14th U.S. state to enact a comprehensive privacy law. The law, which becomes effective on January 1, 2025, is...more
Editor’s Note: In recent regulatory and enforcement developments, the White House announced a new executive order aimed at strengthening cybersecurity at U.S. ports, and another executive order was issued to protect sensitive...more
3/7/2024
/ Artificial Intelligence ,
Biden Administration ,
Consent Order ,
Consumer Financial Products ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
Department of Health and Human Services (HHS) ,
Executive Orders ,
Fair Credit Reporting Act (FCRA) ,
FCC ,
Financial Services Industry ,
Personal Data ,
Personally Identifiable Information ,
Robocalling ,
TCPA ,
UDAAP
In a recent alert, we reported that California Attorney General (AG) Rob Bonta announced a settlement with DoorDash over allegations that the company violated the California Consumer Privacy Act (CCPA) and the California...more
3/5/2024
/ California ,
California Consumer Privacy Act (CCPA) ,
CalOPPA ,
Data Privacy ,
DoorDash ,
Marketing ,
Mobile Apps ,
Personal Information ,
State and Local Government ,
State Attorneys General ,
Statutory Violations