Iowa Gov. Kim Reynolds on March 28 signed into law SF 262, making Iowa the sixth state to enact comprehensive consumer data privacy legislation.  The other states are California, Virginia, Colorado, Utah, and Connecticut.  The law will take effect Jan. 1, 2025.

In her press release, Gov. Reynolds stated, “In our digital age, it’s never been more important to state, clearly and unmistakably, that consumers deserve a reasonable level of transparency and control over their personal data. That’s exactly what this bill does, making Iowa just the sixth state to provide this kind of comprehensive protection.”

Applicability

The bill applies to any person conducting business in Iowa or producing products or services that are targeted to Iowans and that during a calendar year does either of the following: 

1. Controls or processes personal data of at least 100,000 consumers; or
   
2. Controls or processes personal data of at least 25,000 consumers and derives over 50% of gross revenue from the sale of personal data.

Exemptions

[article_ad]

Importantly, the law exempts financial institutions, their affiliates, and data subject to the Gramm-Leach Bliley Act. Also exempt, among others, are persons and certain data subject to the Health Insurance Portability and Accountability Act, and personal information to the extent its use is regulated and authorized by the Fair Credit Reporting Act.

Consumer Rights

Consumers are provided with the right to:

1. confirm whether a controller is processing the consumer’s personal data and to access such personal data;
2. delete personal data provided by the consumer;
3. obtain a copy of the consumer’s personal data; and
4. opt out of the sale of personal data.

Contract Requirements

A contract between a controller and a processor must include certain provisions to ensure that:

1. each person processing personal data is subject to a duty of confidentiality;
2. a processor will delete or return all personal data to the controller upon request;
3. a processor will provide a controller with all information necessary to demonstrate the processor’s compliance; and
4. any subcontractor or agent of the processor will meet the duties of the processor pursuant to a written contract.

Enforcement

The Attorney General has the exclusive authority to enforce the law. Prior to taking any action, the Attorney General must provide a controller or processor 90 days to cure the violation. In the absence of a cure, civil penalties of up to $7,500 may be sought for each violation.

Preemption

The law preempts “all rules, regulations, codes, ordinances, and other laws adopted by a city, county, municipality, or local agency regarding the processing of personal data by controllers or processors.”

Impression

The Iowa law is very similar to the data privacy laws in Virginia, Colorado, Utah, and Connecticut, so for businesses gearing up to comply with the law in one or more of those other states there should be little additional effort to include Iowa.

Iowa’s law is generally more business friendly since it does not include the right to correct and does not require opt in for processing sensitive data.  It also has a generous 90-day period for responding to consumer requests with a possible 45-day extension (Virginia, Colorado, Utah, and Connecticut are 45 and 45), and a 90-day cure period for violations (Virginia and Utah are 30, and Colorado and Connecticut are 60).

For more information and insight from Maurice Wutscher on data privacy and security laws and legislation, click here.

SCRANTON, Pa. — Abrahamsen Gindin LLC (AG Law), a multi-state creditors’ rights firm headquartered in Scranton, Penn., recently acquired Long Island-based Forster and Garbus LLP.

AG Law is owned by Joshua Gindin, David Schlee, Josh Borer, and Ned Abrahamsen. The firm currently operates in New York, New Jersey, Pennsylvania, Delaware, Maryland, and Washington, D.C.; it plans to expand further once the firms are fully integrated within 12 to 18 months.

In addition, AG Law will introduce cloud-based technology for better efficiency in filing lawsuits while maintaining effective and compliant attorney involvement. 

“With the synergy between the two firms, we expect to provide state-of-the-art performance for our clients,” Gindin said.

“Our goal is to maintain a compliance system that lowers legal and litigation risk for our clients,” Schlee added.

Attorney Ron Forster will be retiring once the transition is complete. “It’s comforting knowing that the relationships we have built over the last 50 years will continue uninterrupted,” Forster said. “We are confident that AG Law will meet and exceed our clients’ expectations. AG Law is a like-minded firm that brings updated technology, youth, and financial stability to our organization.”

Contact:

Evan Forster, Director of Marketing and Client Development, eforster@ag-lawllc.com, 631-393-9406

As discussed here, in August 2020, a district court for the Middle District of Tennessee held that a medical provider’s third-party billing servicer did not qualify as a debt collector under the Fair Debt Collections Practices Act (FDCPA) because the debt was not in default when it was placed with the extended billing office (EBO). On March 24, 2023, the Sixth Circuit affirmed that decision.

The complaint arose out of two visits the plaintiff made to a medical center. On each visit prior to receiving treatment, the plaintiff signed an agreement acknowledging that the medical center may use a third party as an EBO for account and billing services, and that the account would not be considered past-due or in default while placed with the EBO. The defendant EBO then sent two statements to the plaintiff, including a payment due date and a payment request, and left two voicemails. 

The plaintiff subsequently filed suit, alleging that the EBO violated 15 U.S.C. § 1692(d) and (e) of the FDCPA by failing to disclose its identity when contacting the plaintiff, failing to notify the plaintiff that it was attempting to collect a debt, and by failing to use its full “true name” in its voicemail messages. The EBO subsequently moved for summary judgment arguing that it is not a “debt collector” subject to the FDCPA. The court agreed, holding that the EBO did not fit the FDCPA’s definition of a “debt collector” as the plaintiff’s debt was not in default when the account was placed with it.

As the Sixth Circuit noted, “liability under the FDCPA attaches only to a ‘debt collector.’” In order for the EBO to be considered a debt collector under the statute, the plaintiff’s account had to be in default when it was transferred to it. Upon review of the record, the court found nothing to indicate the plaintiff’s account was being treated as in default. 

While the plaintiff had failed to pay the bill marked “due on receipt” weeks before the account was placed with the EBO, the court found there was nothing in the record to suggest that the failure to pay was being treated as a breach. “Indeed, for eighty days on the first account and sixty days on the second, [the medical center] just waited for [the plaintiff] to pay. Then it sent the debt to [the EBO] who sent [the plaintiff] statements with due dates that were ten to fifteen days out, with no interest charged. And while [the EBO] had the debt, [the medical center] agreed that it would not consider [the plaintiff’s] account to be ‘delinquent, past due or in default.’” Since neither the medical center nor the EBO treated the debt as if it were in default, the court of appeals agreed with the district court that the EBO was not a debt collector under the FDCPA.

The Consumer Relations Consortium (CRC) has asked the California Department of Financial Protection and Innovation (DFPI) to remove language from the most recent iteration of its complaints and inquiries regulation to avoid creating personal liability for employees of covered entities. The CRC also suggested that to better serve consumers, the DFPI should allow electronic disclosures without an opt-in. 

The CRC’s comments, prepared by Legal Advisory Board members John Bedard of Bedard Law Group and Jessica Klander of Bassford Remele asked the DFPI to modify its proposal as follows:

Remove the potential for personal liability

The DFPI’s March 23, 2023, update to its proposed complaints and inquiries regulation (Proposed Rule) includes a requirement that a covered entity shall designate an officer who is “ultimately accountable” for the effective operation and governance of the complaint process. 

The phrase “ultimately accountable” creates a significant discrepancy. 

If left as is, it may be interpreted to assign personal liability to a designated employee overseeing the complaint process, which seems contrary to the overall application of the Proposed Rule. Further, no other industries hold officers personally liable for overseeing and implementing complaint processes and procedures. To cure this inconsistency, the CRC suggested: 

1. Update the definition of “officer” to clarify that an “officer” has authority and responsibility for the effective operation and governance of the covered entity’s complaint process; and

2. Entirely remove the phrase “ultimately accountable.”

With these changes, the DFPI can achieve its goal of requiring a covered entity to have a person overseeing the complaint process without potentially subjecting an individual employee to personal liability.  

Allow annual notices to be sent electronically without an opt-in

[article_ad]

The Proposed Rule creates additional hurdles for consumers by allowing covered entities to send annual disclosures electronically only if the consumer has previously agreed to receive electronic correspondence. To better serve consumers who generally prefer electronic communication, and because of the expense and difficulty associated with traditional mail, the CRC has asked the DFPI to reverse its opt-in requirement and allow covered entities to send notices either in writing or electronically. 

The CRC’s full comment can be found here. 

About the Consumer Relations Consortium 

The Consumer Relations Consortium (CRC) is an organization comprised of more than 60 national companies representing the diverse ecosystem of debt collection including creditors, data/technology providers, and compliance-oriented debt collectors that are larger market participants. Established in 2013, CRC is evolving the debt collection paradigm by engaging stakeholders—including consumer advocates, Federal and State regulators, academic and industry thought leaders, creditors and debt collectors—and challenging them to move beyond talking points and focus on fashioning real-world solutions that actually improve the consumer experience. CRC’s collaborative and candid approach is unique in the market.  CRC is managed by The iA Institute.

About the Legal Advisory Board

The Legal Advisory Board (LAB) is an exclusive membership group of outside counsel with expertise in the accounts receivable industry who have each pledged their time and resources to support the mission of the CRC. The LAB is limited to ten law firms and is comprised of fourteen total attorneys. The 2023 members can be found here. Throughout the year, the LAB serves as a legal resource to the CRC membership and assists in fulfilling the mission of promoting forward-thinking approaches to the issues raised by regulatory policy and technology innovation in the accounts receivable industry.

On April 3, 2023, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) published a broad and wide-ranging Policy Statement on Abusiveness  (“Policy Statement”) meant to assist “government enforcers” in identifying and alleging abusive conduct in the marketplace under the Consumer Financial Protection Act of 2010 (CFPA), specifically 12 U.S.C. 5531(d). In doing so, the Bureau foreshadows a policy shift on the Unfair, Deceptive, or Abusive Acts and Practices (UDAAP) front, likely migrating away from the hallmark “Unfairness” and “Deception” elements of this principle in favor of a more nuanced prong titled “Abusiveness,” which will be easier to trigger.

The CFPB’s Examination Manual regarding UDAAP (“Manual”) explains that the principles of “Unfairness” and “Deception” both pre-date the CFPA, instead finding their roots in the longstanding Federal Trade Commission (FTC) Act. As noted in the Manual, the FTC has already applied these standards for many years “through case law, official policy statements, guidance, examination procedures, and enforcement actions that may inform CFPB.”  By way of this Policy Statement, however, it is evident the Bureau will now seemingly pivot to Abusiveness as a violation du jour, in an effort to more autonomously design and enforce their own UDAAP framework, which will be stricter and more draconian.

The Policy Statement will be published in the Federal Register, and the public will have until July 3, 2023, to submit their comments. For now, this apparent change in policy leaves the consumer financial services industry in a very complicated situation.

Background

The Dodd-Frank Act expressly states that the CFPB has no authority to declare that an act or practice is abusive unless it:

1. Materially interferes with the ability of a consumer to understand a term or condition of a consumer financial product or service; or

2. Takes unreasonable advantage of-

• A lack of understanding on the part of the consumer of the material risks, costs, or conditions of the product or service;

• The inability of the consumer to protect the interests of the consumer in selecting or using a consumer financial product or service; or

• The reasonable reliance by the consumer on a covered person to act in the interests of the consumer.

Since the inception of Dodd-Frank, industry members have tried to grapple with defining and interpreting the “A” in UDAAP, which was always viewed as a mostly redundant “catch all” provision. The Policy Statement changes everything.

What the Policy Statement Says

In the Policy Statement, the CFPB sets forth its analysis and the elements necessary to support and identify abusive conduct and practices. Although the CFPB claims its goal is to provide an “analytical framework,” they concede that evidence of proof weighs little on their conclusions, which are instead drawn from their interpretation of Congressional intent.

The CFPB dissects the abusiveness prong by providing specific examples of conduct and outlining the standard of proof.

Material interference can be shown when an act or omission is intended to impede consumers’ ability to understand terms or conditions, has the natural consequence of impeding consumers’ ability to understand, or actually impedes [their] understanding. Examples of such interference are buried disclosures or digital manipulations on a website (i.e. “multiple click-throughs”). However, the CFPB points out that while there are numerous ways to prove material interference, intent is not a required element.

With respect to proving an “unreasonable advantage,” the CFPB concludes that there is no need to show the act or practice caused substantial injury in order to establish liability. The CPFB identifies three circumstances where an entity can take unreasonable advantage of a consumer:

1. Gaps in Understanding. These reflect gaps regarding material risks, costs, or conditions of a product or service. The Bureau points out that causation is irrelevant and a consumer’s lack of understanding, regardless of how it arose, can be sufficient. The statement surprisingly notes that the prohibition does not require that the consumer’s lack of understanding be reasonable or that a specific number of people also lacked that understanding. One consumer can carry the day.

2. Unequal Bargaining Power. The CFPB states that Congress has outlawed taking unreasonable advantage of circumstances where people lack sufficient bargaining power to protect their interests. The Bureau points to situations where it is impractical for a consumer to protect their interests when selecting or using a product or service, they are unaware of the necessary steps needed to protect themselves, or they have limited financial means to do so. The Bureau notes that the mere existence of certain consumer relationships fosters abusiveness. They cite to examples of debt collectors, credit reporting agencies, and loan servicing companies coming under heightened scrutiny for abuse merely because the consumer did not participate in the selection of the downstream vendor relationship.

3. Reasonable Reliance. The CFPB expresses concern with entities taking advantage of consumers that “rely” on the entity to act in their best interest. The CFPB provides two examples of sensitive relationships but cautions that there are other scenarios that might lend themselves to reasonable reliance violations. The first instance is when an entity expressly states it is working on behalf of the consumer. The second instance is when the entity assumes the role of an intermediary to help the consumer select certain products or services. The CFPB remains hyper-focused on removing all manipulation from these relationships, however, stops short of providing any concrete insight on how consumer subjectivity or even advertising accuracy will (or will not) play into any findings of abusiveness.

Big Themes & Takeaways

1. A New Approach to Proving Discrimination. This Policy Statement, in its current format, seems to provide the CPFB with some newfound ammunition and support in its efforts to more closely scrutinize discriminating conduct that violates the principles of UDAAP. Almost a year ago, the CFPB created a stir by announcing an initiative to combat discrimination through the “Unfairness” prong of UDAAP. In response, a number of trade groups pointed out in a letter to Director Chopra that the Bureau conflated distinct statutory concepts and went beyond the fair lending laws “carefully set by Congress”, which has resulted in numerous contentious lawsuits being filed. Meanwhile, the CFPB had been concurrently attempting to expand the bounds of the Equal Credit Opportunity Act (“ECOA”) through Regulation B by looking to discriminatory conduct in not only applications for credit as the law envisioned, but also through nuanced elements of “discouragement” in the prospective application process. In February, the U.S. District Court for the Northern District of Illinois rebuffed these attempts, ruling in CFPB v. Townstone that the ECOA only prohibits discrimination against applicants for credit, and does not even contemplate the discouragement of prospective applicants. The case was dismissed due to the Bureau’s overreach. The Policy Statement now reveals the CFPB’s next procedural attempt to expand some of the same concepts through a similar, but slightly different, UDAAP approach.

2. Curtailing Defenses to Abusiveness. The CFPB’s repeated and express disregard for an entity’s true intent or existing market customs suggests that pursuing abusive claims will be an easier lift for the Bureau if they proceed under this policy outline, which will likely result in higher demands to resolve investigations. It is also apparent that the agency will review abusiveness violations through the eye of consumers on a case-by-case basis, regardless of how reasonable the underlying action was.

3. A Gift to the States. The Policy Statement offers a playbook for state regulators to pursue federal UDAAP claims, which was encouraged by the CPFB in its May 2022 Interpretive Rule. It is not a coincidence that the Statement labels itself as a resource for “government enforcers” rather than merely for Federal Bureau staff.

4. Non-Bank Industry Will See Biggest Impact. The sweeping declarations and demands made in the Policy Statement, if and when implemented, create a nearly limitless web for potential violations. It isn’t difficult to dream up plausible hypotheticals. Consider the impact to debt collection and collection litigation for example. Can a debt collector still innocently state “We are here to help?” Can a collection representative even assist with a settlement? Can collection attorneys speak to pro-se litigants about their case? This is just the tip of the iceberg. Regulated markets each have standard practices that could come under fire in the wake of this Policy Statement.

Through this Policy Statement, the CFPB has again championed an important mission: removing abusiveness, discrimination, and other unsavory behavior from the consumer financial services marketplace. This mission at its core should be commended, but by acting independently outside the bounds set by Congress, the risk for a contentious showdown with industry markets will loom large.

—————-

The views and opinions expressed in the article represent the view of the author(s) and not necessarily the official view of Clark Hill PLC. Nothing in this article constitutes professional legal advice nor is intended to be a substitute for professional legal advice.

Please join Troutman Pepper Partner Chris Willis for a solo episode as he discusses new trends in CFPB information gathering, specifically Dodd-Frank Act Section 1022 found in the rulemaking and market monitoring section of the CFPB’s authority. Here, Chris examines how the CFPB can request and require certain information from market participants, noting the significant increase in recent CFPB Section 1022 requests, while also discussing industry implications of this emerging trend.

[article_ad]

Transcript: New Trends in How the CFPB Gathers Information (PDF)

FAIRFIELD, N.J. — Vertican Technologies, a global leader in the legal collection software industry, is proud to announce it has invested in Greentree Legal (GTL) in another milestone of Vertican’s plan to provide the collection industry with the tools it needs to become more efficient, compliant, and profitable. GTL’s core focus offers clients seamless management of process service, courier and skip trace services nationwide, and is led by founder and CEO Paula Ashcraft.

“We have had a big ambition to grow the business, and by teaming with Vertican, I’ve been able to concentrate on our growth plans to bring the best-in-class service to its clients and beyond,” stated Ms. Ashcraft when asked about the transaction. 

“I couldn’t be more excited to partner with Paula’s team at GTL,” said Isaac Goldman, Vertican CEO. “We’re not just investing in technology, but the people and expertise that come with it. The Vertican family of products produces the most powerful and innovative technology in our industry. The GTL file and serve integration opens even more doors to saving our clients time and money. Additionally, by the end of Q2 2023, Vertican’s new pricing model will give our clients the opportunity to earn credits by using this and other integration products to reduce their Vertican subscription costs. I’m thrilled about what this means to our clients’ bottom line.”

Vertican has seen tremendous success over the last two years – increasing its total clients to over 300 companies nationwide and closing a $10m Series A round.  

About Vertican Technologies

For more than 40 years, Vertican Technologies has been the receivables industry leader providing best-in-class technology, making operations more efficient, compliant, and profitable. As the pioneer in developing data standards, Vertican continues to advocate for universal data standards which will increase productivity and reduce errors in the legal collection industry. Vertican’s team of subject matter experts and innovators build comprehensive software packages that automate and streamline the collections cycle. Solutions include: vExchange®, Q-LawE, Collection-Master, vMedia, Greentree Legal, and legacy YGC Data Standard licensing. Visit www.vertican.com to learn more.

Democrats in the Maine House of Representatives have introduced House Bill number 1259 (Bill) to shift attorneys’ fees to the prevailing party in litigation. If passed into law, the Bill will impact those who file lawsuits to recover debts. A hearing about the bill will be held in Maine on April 6, 2023, at 1 pm. 

The Bill addresses litigation between “Institutional Entities” and “Covered Individuals” and states that if a Covered Individual is a “Prevailing Party” in litigation, the Covered Individual will be awarded costs and reasonable attorney fees. 

[article_ad]

• “Covered Individuals” are defined as people whose gross household income does not exceed 400% of the federal poverty level; OR individuals who are eligible for certain assistance programs for low-income households. According to recent data, this would cover the vast majority of Maine residents.

• “Institutional Entities” are defined as any type of business recognized under Maine Law.

• “Prevailing Party” includes any defendant in which “no relief is recovered by the plaintiff” and also includes a party that obtains a monetary recovery or nonmonetary relief via judgment or settlement.

Covered Individuals will be required to produce records to show they meet this definition. There is a rebuttable presumption that a party other than a Covered Individual is an Institutional Entity.  The presumption can be rebutted if a court finds that the entity’s tax records for the prior three years show that the entity and its owners have an average annual net income below $100,000.00.

insideARM Perspective

This Bill is comparable to Florida’s fee-shifting statute 57.105, which increases litigation costs and causes all kinds of absurd outcomes. As a result of Florida’s fee-shifting statute, voluntary dismissals are often met with demands for fees, and attorneys have sought fees in separate actions after reaching settlements to pay debts.  Some Florida consumer attorneys have even refused to sign settlement agreements that do not include fee payments.  

Those with legal interests in Maine should pay attention to this Bill and consider attending the hearing if feasible. 

PHOENIX, Ariz — After nearly two years, Superlative RM, a collection agency with locations in Phoenix, AZ and Elk Grove, CA, is celebrating a recent victory in the United States District Court for the Northern District of Illinois Eastern Division. On June 16, 2021, the plaintiff, through her counsel, filed a class action lawsuit against Superlative RM and an investment group for a Hunstein styled ‘copy-cat’ case. The case was filed in the Circuit Court of Cook County, IL, Chancery Division. The case was based on the claim that the defendants violated the FDCPA by communicating information about a debt to a third party (letter vendor) without permission from the consumer. 

SRM retained a well-known creditors rights firm to defend the case. The defendants argued that letter vendors are mediums used to transmit information and that modern mailing vendors’ systems are largely automated, with data processed not intervened by human eyes. Defendants cited subsections within the FDCPA which allow debt collectors to serve legal processes on consumers and use telephones and telegrams to communicate with consumers, further noting that the communication in question was not an attempt to collect a debt (dunning letter).  

The co-defendant requested that the case be moved to federal court. In June of 2022, the federal court denied the request and moved the case back to Illinois, filing an order remanding the case back to Cook County, IL. Within this order, the federal judge noted that the type of communication in question fell under the scope of “ministerial duties” associated with debt collection, which is not what the FDCPA aimed to cover in its statements on third party disclosures. The plaintiff also stipulated that she has not suffered any actual damages. Judge Leinenweber noted on the 6/1/22 document: 

“In summary we have a debt collector who utilizes a third party to mail Dunning letters. Thus, the only individual having access to the debt information is the individual who created and mailed the Dunning letter. This ministerial activity is no different from what a lawyer’s secretary normally performs. The fact that a secretary is an employee rather than a contractual worker appears wholly irrelevant. In fact, many lawyers hire contract secretarial services, as well as court reporters. Suppose an attorney who is employed to collect a large debt is forced to file suit against the debtor and in course of the proceeding takes a deposition of the debtor before a court reporter, who is virtually always, like the third-party vendor in this case, a third-party vendor. Court reporters, like the third-party vendor in this case, are not covered by the permissible list of persons to whom the debt information may be disclosed.”

Once back in Illinoi court, SRM filed a Motion to Dismiss on the basis that Plaintiff could not establish an injury in fact and that no proof of communication could be made between SRM and its vendor. On March 15, 2023, the district judge published an order granting SRM’s Motion to Dismiss with prejudice. That case document can be accessed here. 

About Superlative RM

Superlative RM (SRM) is an accounts receivable management company that assists its clients by contacting consumers to resolve outstanding account balances. They are nationally licensed and work diligently to follow all current state and federal guidelines. Superlative RM bridges the gap between creditors and consumers by innovating user-friendly, digital account resolution options.

BONITA SPRINGS, Fla. — TRAKAmerica (“TRAK”) is pleased to announce the appointment of Roxanne Bartley as its first Chief Revenue Officer. In this role, Roxanne will be responsible for accelerating and scaling company revenue and will lead global sales, as well as Marketing and Branding. Roxanne brings a wealth of experience and expertise to the role. She has more than two decades of proven expertise in leading high-performance revenue generation teams that deliver results for both clients and the business. 

Prior to joining TRAK, Roxanne was the Chief Executive Officer at Bartley Ventures LLC where she led sales, marketing, and customer success initiatives, doubling the company’s annual recurring revenue year-over-year. Additionally, she previously held executive positions at several ARM companies such as RemitterUSA, Alpha Recovery, DebtResolve, KCA Financial Services and Harris and Harris, where she successfully scaled each business and delivered significant revenue growth.

“We are thrilled to welcome Roxanne Bartley to our team,” said Vincent Iacono, CEO. “With Roxanne’s extensive experience in the ARM space and impressive track record of driving revenue growth, we are confident that Roxanne will help us to achieve our growth objectives and build on our position as the industry leading provider of Accounts Receivable Management services.” 

About TRAKAmerica

Based in Bonita Springs, FL, TRAK is a leading provider of outsourced legal recoveries to credit issuers and financial institutions. The Company utilizes a proprietary technology-enabled workflow management and data-analytics platform to provide a prioritized, streamlined and compliance-driven solution for consumer receivables. TRAK’s national legal network of law firms collects hundreds of millions in charged-off receivables on behalf of blue-chip clients annually. The Company’s legal-focused strategy generates an industry leading return on investment versus all other recovery methods.”