On July 31, 2020, Varo Money Inc. announced that it was granted a national bank charter by the U.S. Office of the Comptroller of the Currency (OCC).  The charter will allow Varo, a mobile banking fintech, to launch a national bank and offer a range of financial services and products that are backed by the Federal Deposit Insurance Corp (FDIC).

The announcement marks a historic moment for fintech companies, as Varo will become the first fintech company to obtain a national bank charter with the OCC.

On July 23, 2020, the New York Department of Financial Services (“DFS”) filed its appellate brief asking the Second Circuit Court of Appeals to uphold the lower court’s decision to block the Office of Comptroller of the Currency’s (“OCC”)’s special purpose national bank charter (“fintech charter”).

The DFS initially challenged the OCC’s fintech charter in

On July 16, 2020, Blackbaud, a U.S. based cloud computing provider and one of the world’s largest providers of education administration, fundraising, and financial management software, notified users of its services that it had suffered a ransomware attack in May 2020 in relation to personal data stored on their servers. Numerous colleges, universities, foundations, and other non-profits across the U.K., U.S. and Canada were affected.

Blackbaud’s handling of the attack has raised some questions. Blackbaud has confirmed in a statement on its website that they paid the cyber-criminal’s ransom demand in return for confirmation that the stolen data had been destroyed. Paying ransom demands is not unlawful, but it goes against the official advice issued by many law enforcement agencies, including the FBI. In addition, Blackbaud has faced criticism for taking many weeks to inform its customers of the breach.

On June 18, 2020, the U.S. Supreme Court issued a long-awaited decision regarding the Department of Homeland Security’s (“DHS”) choice to rescind the immigration program Deferred Action for Childhood Arrivals (“DACA”). The Court noted the question before it was not whether DHS may rescind DACA but rather, whether DHS followed proper procedure in rescinding the

On May 14, California Secretary of State Alex Padilla announced that the California Privacy Rights Act of 2020 (the “CPRA”) had obtained sufficient raw signatures to qualify for the November 3, 2020 ballot.  Those signatures are currently being verified by the counties in which they were obtained.  However, based on a complaint filed June 8 by Alastair Mactaggart and other members of Californians for Consumer Privacy—the proponents of the CPRA—it appears that the verification process may not be completed in time for the CPRA to appear on the ballot this Fall.

The lawsuit, Alastair Mactaggart, et al. v. Padilla, filed in Sacramento County Superior Court, alleges that Secretary of State Padilla failed to adhere to a provision of the California Elections Code requiring his office to “immediately” notify county officials to begin the verification process upon receipt of a sufficient number of raw signatures.  Here is a brief timeline of the events alleged in the Complaint:

On June 1, 2020, the California Attorney General submitted the final text of the CCPA Regulations to the California Office of Administrative Law (the “OAL”).  This was the last step the AG needed to take before the Regulations become enforceable.  But whether enforcement will still start on July 1, 2020 as set forth in the CCPA remains uncertain.

What does this mean for the timing of CCPA enforcement?

Some have questioned whether the AG’s delay in submitting the Regulations following the end of the last comment period in March signaled an intent by the AG to delay enforcement of the CCPA.  So far, however, there is no indication of any intended delay in either the AG’s press announcement regarding submission of the Final Regulations or his prior comments reiterating his intention to keep enforcement on track despite COVID-19.  Indeed, the AG requested expedited review of the Regulations by OAL in order to meet the July 1 deadline.

Two weeks ago we wrote about proposed legislation, The COVID-19 Consumer Data Protection Act of 2020 (“CCDPA”), introduced by a group of senior Republican senators, which was designed to address privacy issues arising in the wake of the COVID-19 pandemic.  In response, senior Democratic members of the Senate and House of Representatives introduced their own framework for protecting the privacy of individuals in light of the development of tools for tracking and containing the spread of the virus.

The Public Health Emergency Privacy Act

Senators Richard Blumenthal (D-CT) (Ranking Member of the Senate Commerce Committee’s Manufacturing, Trade and Consumer Protection Subcommittee) and Mark Warner (D-VA) (Vice Chairman of the Senate Intelligence Committee) lead a bicameral group of 10 lawmakers on a Democratic version of federal consumer privacy legislation as it relates to the coronavirus pandemic.  The Public Health Emergency Privacy Act (the “PHEPA”), introduced on May 14, seeks to give individuals protection and control over their covered health data by adopting an express affirmative consent regime, along with enumerated requirements for businesses. For a helpful summary of the key similarities and differences between the PHEPA and the CCDPA, please see the Chamber Technology Engagement Center’s (C_TEC) COVID-19 Privacy Bill Comparison Chart.