A major consumer privacy law is likely this legislative session in Florida that stands to jeopardize not only technology companies, but financial services, healthcare entities, and thousands of small and medium-sized businesses that rely on digital marketing and advertising to conduct business.
Florida legislators are generally pro-business, but this year could be an exception. Talks

Last week, we reported that on December 30, 2020, the Consumer Financial Protection Bureau (“CFPB” or “Bureau”) issued compliance assistance sandbox (“CAS”) approval to Payactiv, Inc. (“Payactiv”) regarding specific aspects of its earned wage access (“EWA”) product.

Payactiv’s Chief Legal Officer, David Reidy, expressed Payactiv’s reaction to the Approval Order this way – “We are grateful for the hard work and commitment the Bureau showed through this whole process. Everyone involved believes in EWA as an important and innovative benefit for workers. I couldn’t be more proud that Payactiv is the first and only EWA provider to be granted this approval.”

The recently-passed California Privacy Rights Act (CPRA) augments and supplements California’s existing privacy law, the California Consumer Privacy Act (CCPA).  We are sure many practitioners are wondering how it stacks up with the European Union’s General Data Protection Regulation (GDPR). See below for Part I of our two part series comparing the CPRA and the GDPR (and see Part II here).

HOW DOES THE CPRA CHANGE THE CCPA?

The CPRA makes several significant changes to the CCPA:

  • It introduces the concept of “sensitive personal data”;
  • It introduces new obligations on businesses, and GDPR-style “principles”;
  • It introduces new rights for consumers; and
  • It creates a new supervisory authority for data protection and privacy in California — the California Privacy Protection Agency.

These changes are very significant – but do they represent a move closer to GDPR, or a move away?

New York, California and six other States filed a widely expected lawsuit on January 5 seeking to invalidate the “True Lender” Rule recently issued by the Office of the Comptroller of the Currency (“OCC”).  As we previously reported, the OCC’s True Lender Rule — finalized in October and effective since December 29 —provides bright-line tests for determining, in the context of a lending partnership between a national bank (or federal thrift) and a third-party (often a FinTech or other non-bank firm), which entity actually “made” the loan, i.e., which entity was the “true lender.”

On December 30, 2020, the Consumer Financial Protection Bureau (“CFPB”) granted approval to Payactiv, Inc. (“Payactiv”) to offer its earned wage access (“EWA”) program under the CFPB’s Policy on the Compliance Assistance Sandbox, among the first approvals under the CFPB’s regulatory sandbox.

In its approval order, the CFPB granted approval to various aspects of Payactiv’s EWA program and grants Payactiv a safe harbor from liability under the Truth in Lending Act (“TILA”) and Regulation Z.

On December 10, 2020, FinCEN Director Kenneth Blanco delivered prepared remarks at the ABA’s annual Financial Crimes Enforcement Conference. At the outset, Director Blanco addressed the importance of U.S. national security amidst the unprecedented environment created by the COVID-19 pandemic. In his remarks, Director Blanco announced “important guidance” and “much needed clarity” concerning FinCEN’s voluntary Section 314(b) information sharing program.

Section 314(b) of the USA PATRIOT Act provides financial institutions safe harbor from civil liability when sharing with another financial institution information regarding customers suspected of possible terrorist financing or money laundering activities. 31 C.F.R. § 1010.540(b)(1). Financial institutions share information under this provision to facilitate investigations of suspicious activity and assist in preparing more complete Suspicious Activity Reports (“SARs”).

A federal court recently allowed a plaintiff’s state law negligence claim, which utilized the Anti-Kickback Statute (“AKS”) and federal physician self-referral law (the “Stark Law”) as legal support to survive a motion for summary judgment. In Post v. AmerisourceBergen Corporation, No. 1:19-CV-73 (N.D.W. Va. Nov. 2, 2020), Plaintiff, Frances G. Post, filed suit against

The November 2020 election left a lot of questions.  Among them, companies doing business in California are now asking about compliance with yet another California data privacy law, this time the California Privacy Rights and Enforcement Act of 2020 (the “CPRA”).  This article gives an overview addressing the what, when, and how of the CPRA.  (We won’t hazard a guess as to the why—we leave that to the backers of the new law.)

What is the CPRA?

The CPRA builds on the California Consumer Privacy Act of 2018 (the “CCPA”) in a number of key ways.  It includes: new consumer rights, new requirements for businesses, and a number of other miscellaneous changes.  Some parts of the CCPA will remain in effect, and others are rephrased or clarified.  We provide below a high-level overview of topics we believe businesses should be thinking about now as they look ahead to building-out their CPRA compliance programs.

In an earlier article, we provided an overview of the Consumer Financial Protection Bureau’s (“CFPB”) earned wage access (“EWA”) advisory opinion.  In the opinion, the CFPB identified seven requirements for a “Covered EWA Program,” i.e., an EWA program that would “not involve the offering or extension of ‘credit’” under the Truth In Lending Act (“TILA”) and its Regulation Z.