The New York state legislature is currently considering a pair of companion bills which would impose detailed notice and records requirements upon student loan servicers. New York Senate bill S5136B, which was passed by the New York Senate earlier this year, and New York House bill A6226B, which is currently under consideration with the New York Legislature’s Consumer Affairs and Protection Committee, would require “creditors and debt collectors” to provide certain written disclosures to borrowers or cosigners of private education loans at the time of the first collection communication (or within five days after the first communication). … Continue Reading
Pennsylvania amends data breach notification law
In early November, Pennsylvania amended its data breach notification law broadening the definition of personal information. The amendment adds “health insurance information” and “medical information” as data elements that could trigger breach notification requirements. Coupled with this addition is a breach notification exception for businesses that are (1) subject to and (2) in compliance with HIPAA’s privacy and security standards. … Continue Reading
New York delays effective date of law requiring credit card rewards points grace period
Earlier this year, New York delayed the effective date of its new law requiring card issuers to provide a grace period for using credit card rewards points that was slated to be effective later this week.
The delay means that the effective date of the new law is now December 10, 2023. … Continue Reading
Arizonans Approve Decrease to Maximum Interest Rate on Medical Debt and Increases to Homestead and Other Exemptions
With 72% voting in favor, Arizonans approved Proposition 209 decreasing the maximum lawful annual interest rate on “medical debt” from 10% to 3%, and increasing the amount of the homestead and other exemptions. These changes, which are effective immediately following certification of the vote and issuance of a proclamation by the governor (the governor does not have the authority to veto), only apply prospectively.… Continue Reading
NYDFS Announces Updated Cybersecurity Regulation
On November 9, 2022, New York Department of Financial Services (NYDFS) Superintendent Adrienne Harris announced that the NYDFS formally proposed an updated cybersecurity regulation. Although the updates had previously been released in draft form, the formal announcement commences the 60-day comment period.
The proposed regulations would create three different tiers of companies based on their size, operations, and nature of their businesses. … Continue Reading
New California laws place limits on GAP insurance
Two recently-passed bills in California, Assembly Bill 2311 (“AB 2311”) and Senate Bill 1311 (”SB 1311”), were signed into law by Governor Gavin Newsom on September 13 and September 27, respectively, placing new restrictions on the sale of Guaranteed Asset Protection (“GAP”) waivers in California. The new laws limit the price of GAP waivers, add new disclosure requirements, ban GAP waiver sales in certain instances, and prohibit financing of GAP insurance in auto loans to servicemembers.… Continue Reading
New requirements for live checks now effective in New York
On September 2, 2022, new requirements for “live checks” became effective in New York. The new requirements were created by SB 4894 which New York Governor Hochul signed into law on May 5, 2022.
The new requirements apply to “mail-loan checks” issued by “lending institutions.” A “mail-loan check” is defined as “a check, made out to and mailed to a person by a lending institution, which, when cashed or deposited by such person, obligates such person to repay to such lending institution the amount of the proceeds of such check according to terms mailed to such recipient with such check.” … Continue Reading
CPRA’s employee and B2B exemptions appear destined to sunset
The August 31 closing of the California legislative session likely marked the end of hopes for an extension of the limited exemptions for employee and business-to-business (B2B) data that have existed for the California Consumer Privacy Act (“CCPA”) since its inception. As a result, when the the California Privacy Rights Act (CPRA) goes into effect on January 1, 2023, employee and B2B data will be treated the same as consumer data. … Continue Reading
NYDFS Announces Draft Amendments to Cybersecurity Regulation
On July 29, 2022, the New York Department of Financial Services (“NYDFS”) released Draft Amendments to its Cyber Security Regulations. The Amendments, if adopted, would further regulatory trends and impose important new requirements on covered entities.
The Amendments contain three significant changes relating to ransomware. First, the Amendment specifically adds “the deployment of ransomware within a material part of the covered entity’s information system” as a cybersecurity event requiring notice to the superintendent within 72 hours. … Continue Reading
Illinois provides guides and templates for Know Before You Owe Private Education Loan Act reporting requirements
Private education lenders doing business in Illinois now have access to official informational guides and templates for meeting the November 1, 2022, reporting requirements under the state’s new Know Before You Owe Private Education Loan Act (“KBYO”).
Promoted as a means to make borrowers aware of federal student loan options before they turn to private loans, KBYO also seeks to collect and publicize data on private educational lending through an annual reporting obligation imposed on lenders. … Continue Reading