The Superintendent for the New York Department of Financial Services recently announced a consent order assessing a $4.5 million penalty against a health insurance company for violations of the DFS Cybersecurity Regulations, 23 NYCRR, Part 500.
Posts published in “Compliance Management”
Beginning Jan. 1, businesses operating in the District of Columbia will face new challenges under the DC Council’s new debt collection law with costly penalties in place for those who don’t comply.
The U.S. Court of Appeals for the Third Circuit recently held in Clemens v. ExecuPharm Inc. that the risk of future harm from a data breach can be enough for Article III standing, taking into consideration whether the breach was intentional, whether the data was misused, and the nature of the data accessed.
On Sept. 27, Michigan Sen. Rosemary Bayer and eight fellow Democrat cosponsors introduced Senate Bill 1182, which would create the Michigan Personal Data Privacy Act. The Michigan Legislature remains in session through the end of the year.
The U.S. District Court for the District of Massachusetts recently denied a motion to dismiss FDCPA and Mass. Gen. Law. Ch. 93 and 93A claims, holding that a constable qualifies as a “debt collector” under the Fair Debt Collection Practices Act and a “creditor” under Mass. Gen. Laws ch. 93.
On Aug. 11, 2022, the Federal Trade Commission issued an Advance Notice of Proposed Rulemaking seeking input that will shape potential rules “to crack down on harmful commercial surveillance and lax data security.”
On May 10, Gov. Ned Lamont signed into law Substitute Senate Bill 6 (Public Act 22-15), Connecticut’s version of comprehensive consumer data privacy legislation. This makes Connecticut the fifth state to enact such legislation, following California, Virginia, Colorado, and Utah. The Act will go into effect July 1, 2023.
A New York federal judge on April 28 temporarily enjoined three New York sheriffs from refusing to enforce judgment executions which seek to collect judgment interest “calculated with the interest rate in effect at the time the judgment was obtained.”
Medical debt continues to dominate the headlines in 2022 and continues to be an area of significant focus for the Consumer Financial Protection Bureau.
Medical debt continues to capture the attention of state and federal government, with lawmakers and regulators continuing to target how medical debt is collected and how it is reflected on a consumer credit report.
There remain over 30 comprehensive consumer data privacy bills pending in the states, but some are falling off the chart as the legislative sessions come to an end. While the number of active bills is decreasing, there is one new state data privacy law, and others that continue to show movement.
On March 24, Utah Gov. Spence Cox signed into law SB 227, the Utah Consumer Privacy Act. This makes Utah the fourth state, behind California, Virginia, and Colorado, to enact comprehensive consumer data privacy legislation.