Those Other Laws Dino Tsibouris Attorney at Law 2006 NCHELP FALL TRAINING CONFERENCE.

Presentation transcript:


It’s all so regulated…
Licensing requirements to do business
Limits to interest rates and loan fees
Privacy and information security

Licensing
National banks and thrifts don’t need a license from the state
Non-bank lenders and purchasers of loans may need a license to make or enforce a loan

Licensing
A common test: Are you in the “business of lending?”
– NJ includes companies that purchase loans from others
– OH includes the original lender only
– MN excludes loans under other state law

Licensing
Physical location concerns
Limits on assignment
Specific rates of interest and permissible fees

Loan Pricing
State license lender laws establish permitted rates and fees
– Interest rates
– Late fees
– Loan origination fees of 1-2%
– Prepayment fees
– Refund of unearned charges

Loan Pricing
National Bank Act (12 USC 85)
A national bank located in a state may charge interest at the maximum rate permitted to any state-chartered or licensed lending institution by the law of that state

Loan Pricing
National Bank Act (12 USC 85)
“Interest” includes any payment compensating a creditor for:
– An extension of credit
– Making available of a line of credit
– Any default or breach by a borrower

Loan Pricing
National Bank Act 12 USC 85
“Interest” includes, among other things:
– Numerical periodic rates
– Late fees
– Creditor-imposed NSF fees

Loan Pricing
National Bank Act 12 USC 85
“Interest” does not ordinarily include:
– Premiums/commissions for insurance guaranteeing repayment of any extension of credit
– Document preparation
– Fees incurred to obtain credit reports

Loan Pricing – Tied to State Law
Ohio Revised Code
– Interest/finance charges not exceeding APR of twenty-five per cent
– Also may charge, as interest, other fees and charges that are agreed upon by the bank and the borrower

Loan Pricing – Tied to State Law
RC “Interest”
– Charges for late payments
– NSF fees
– Application, processing, origination fees
– Guarantee fees
– Prepayment fees

Loan Pricing – Tied to State Law
RC “Interest”
Any fees and charges shall not be included in the computation of the annual percentage rate or the rates of interest or finance charges for purposes of applying the twenty-five per cent limitation

Loan Pricing – Tied to State Law
12 CFR The term “interest” as used in 12 U.S.C. 85 includes … includes, among other things,…
RC A bank may charge… as interest, other fees and charges that are agreed upon … including, but not limited to,…
Many possibilities; uncertain outcomes

Important Considerations
Make sure rates and fees are properly structured
– Within legal limits
– Business case for each fee
Challenges to the relationship between lenders and those who buy their loans

Privacy
GLB
Contract management
State privacy law
FTC
Breach notification

Privacy – GLB Permitted Sharing
Third party with notice and opt-out
Permitted disclosure without consent
– Service providers (notice, contract)
– Joint marketing agreements (contract)
Express consent from consumer

Privacy – Consent
GLB: “Clear and Conspicuous”
– Reasonably understandable and designed to call attention to the nature and significance of the information contained
– May combine with other clear and conspicuous notices
FCRA: “Clear and Conspicuous”
– Small type on back of mailer in a paragraph of type about other matters inadequate (Use different type, color - Cole v. U.S. Capital)

Privacy – Scope of Consent
I authorize the release of information pertinent to my loans: (i) by the school, the lender, and the guarantor, or their agents, to the references on the applicable loans and to members of my immediate family unless I submit written directions otherwise; and, (ii) by and among my schools, lenders, guarantors, the Department of Education, and their agents.
Source: FFELP MPN

Privacy – Scope of Consent
Agent: A person authorized to act for and under the direction of another person when dealing with third parties. Can enter into binding agreements on the principal's behalf and may even create liability for the principal if the agent causes harm while carrying out his or her duties.
Source: NCHELP FALL TRAINING CONFERENCE

Security
88,348,579+ persons had their PFI improperly accessed/stolen between February 15, 2005 and June 16, 2006 (Privacy Rights Clearinghouse)
A consumer calling the FTC helpline reported that in one day thieves used her stolen PFI to open 9 credit card accounts and charged $15,000

Technical Security
Hackers
Unprotected Wireless Access
Compromised Passwords
Unencrypted Data Storage and/or Transmissions

Physical Security
CDs/Files Lost/Stolen During Transport
Files Lost/Stolen from Storage
Improper Destruction of Files
Lost/Stolen Laptops

Humans, Contractors, and Vendors
Dishonest Persons
Failure to Follow Corporate Security Regulations
Mistakes/Errors

Privacy – Contract Management
Privacy Agreements
– Limits on use
– Audit rights
– Notice if breached
– Indemnity for claims and losses
– No limit on liability

If a Breach Occurs
Key steps
– Identify the information lost
– Identify “affected persons”
– Notify law enforcement
– Prepare customer and media response plan
– Notify affected persons

State Laws
Consumer protection and deceptive trade statutes
State AGs offices are pursuing loss or breach of consumer personal information through traditional consumer protection and deceptive trade practices statutes

Federal Laws
Federal Trade Commission Act (FTC Act) prohibits “unfair or deceptive acts or practices.”
Gramm Leach Bliley Act governs the collection and disclosure of NPI (Privacy Rule); requires design, application, and maintenance of safeguards to protect NPI (Safeguards Rule)

DSW, Inc.
Both state and federal cases were filed against DSW, Inc.
– DSW is based in Ohio and sells shoes in 206 stores nationwide
– Ohio Attorney General filed suit under Ohio Consumer Sales Practices Act
– Federal Trade Commission filed suit under FTC Act

DSW, Inc.
DSW retained consumers’ names, credit/debit card numbers, checking account information and drivers’ license numbers
March 8, 2005 DSW learns that the data it retained from some 1.4M sales transactions was removed from its custody

State of Ohio v. DSW, Inc.
Attorney General suit claimed DSW’s failure to notify all affected consumers was “unfair or deceptive” act under Ohio’s Consumer Sales Practices Act
Asked court to order DSW to send written notice to all affected consumers

State of Ohio v. DSW, Inc.
DSW: Difficult to contact all customers because it did not keep detailed information on all customers' addresses
DSW SEC filing: Set aside $6.5 million to handle claims from the case and indicated total exposure could reach $9.5 million

In re DSW, Inc.
FTC: DSW violated FTC Act when it “failed to provide reasonable and appropriate security for personal information collected at its stores”

In re DSW, Inc.
Alleged violations:
– Storing data it didn’t need to keep
– Not using available security measures to limit wireless access to computer networks
– Storing data in unencrypted files, accessed via a well known user ID and password
– Failing to employ sufficient measures to detect unauthorized access

In re DSW, Inc. Settlement
DSW must establish a comprehensive information security program:
– Reasonably designed to protect the security, confidentiality, and integrity of personal information collected from or about consumers
– Fully documented in writing
– Contain administrative, technical, and physical safeguards appropriate to DSW’s size and complexity

In re DSW, Inc. Settlement
“Security Program” Requires:
– Designated employee(s) to coordinate and be accountable for IS program
– Identify internal/external risks to NPI that could result in unauthorized disclosure or misuse
– Assessment of the sufficiency of any safeguards used to control risks

In re DSW, Inc. Settlement
“Security Program” Requires:
– Regular testing of the key controls, systems, and procedures
– Evaluation and adjustment of the program based on results of testing, material changes to operations or business arrangements

In re DSW, Inc. Settlement
“Security Program” Requires:
– Initial/biennial assessments and reports from independent third-party professional, using industry procedures and standards for a period of twenty (20) years

Gramm Leach Bliley Act
– Violations of the G-L-B Act’s Privacy and Safeguards Rules are an “unfair or deceptive act or practice” in violation of the FTC Act
– Privacy Rule mainly concerns drafting and delivery of “Privacy Notices” to consumers
– Safeguards Rule mainly concerns security protection for NPI

In re NATIONWIDE MTGE GRP, INC.
– FTC complaint alleged Nationwide and its owner collected NPI and failed to protect it
– Violation of Privacy Rule is an unfair and deceptive practice under the FTC Act
– Violation of Safeguards Rule is an unfair and deceptive practice under the FTC Act

In re NATIONWIDE MTGE GRP, INC.
Security Rule settlement requirements:
– Assign employee(s) to oversee program;
– Conduct a risk assessment;
– Put safeguards in place to control the risks identified and regularly test them;
– Require service providers, by written contract, to protect NPI; and
– Periodically update its security program

In re NATIONWIDE MTGE GRP, INC.
Additional requirements:
– Nationwide must obtain an assessment on its safeguards from a qualified, independent third-party
– Must use industry procedures and standards
– biennially for ten (10) years

Guin v. Brazos Higher Education Service Corp., Inc.
NO duty under GLB to encrypt; Brazos acted with “reasonable care”
Laptop containing unencrypted NPI stolen from employee’s home office
Guin alleged Brazos’ failure to encrypt violated duty under GLB Act to protect security and confidentiality of NPI

Questions?
Dino Tsibouris