View stunning SlideShares in full-screen with the new iOS app!Introducing SlideShare for AndroidExplore all your favorite topics in the SlideShare appGet the SlideShare app to Save for Later — even offline
View stunning SlideShares in full-screen with the new Android app!View stunning SlideShares in full-screen with the new iOS app!
Consumer Protection Developments Shelly Repp, General Counsel National Council of Higher Education Loan Programs Tom Levandowski, Senior Vice President & Assistant General Counsel Wachovia Corporation Monday May 19th
“ Established business relationship”exception – Can’t stop telemarketing calls from or an behalf of company with whom consumer has established business relationship , unless consumer has asked to be on company-specific do-not-call list.
A relationship b/n seller & a consumer based on:
… a financial transaction b/n consumer & seller within 18 months immediately preceding the date of a telemarketing call, or
the consumer’s inquiry or application regarding a product or service offered by the seller, w/n 3 months immediately preceding date of call .
Continuing activities that indicate current, ongoing relationship: payments, interest accrual, interest billing notices, consumer acceptance of financial benefits from federal government .
Applicable to Affiliates?
Affiliates will fall within the exemption only to extent that the consumer would reasonably expect the affiliate to be included given the nature and type of goods or services offered and the identity of the affiliate.
Relevant Provisions for Student Lending Effective 3/31/03:
Prohibits telemarketers from abandoning any outbound telephone call, and provides safe harbor from liability if telemarketer observes specified service levels for abandonment rate, phone rings, “dead-air” time & maintains records documenting compliance;
Requires telemarketers to transmit the telephone number, and name, when available, of the telemarketer to any caller identification service;
Office of Foreign Assets Control (in Treasury Dept) administers and enforces economic sanctions against targeted foreign countries, terrorists and terrorist organizations, and narcotic traffickers in furtherance of U.S. foreign policy and national security objectives.
Student loans (Staffords, PLUS, Perkins, Private, etc.) must be data-matched against OFAC lists prior to disbursement. Loans shouldn’t be funded on “hits” without OFAC approval (i.e “license”).
S. 745 (Senator Feinstein) – Introduced April 2003.
Sets a national standard for protection of personal information, including SSNs and other health and financial data
For the most sensitive personal information, such as SSNs, and health and financial data, companies must obtain individual’s explicit permission prior to selling, renting or licensing such information to 3 rd Parties.
For nonsensitive personal information such as names and addresses, companies that wish to collect, sell or market that dat must give individuals an opportunity to opt-out.
On April 07, 2003, OCC assessed civil penalties against a bank loan officer and a loan processor who sent thousands of loan files (with non-public personal information) in an unsecure, unencrypted email to an unaffilated 3 rd -party. The customers' info was never compromised, but the very fact that it could have been was enough for the OCC to assess penalties.
The loan officers consented to permanent removals from banking and to civil money penalties of $20,000 and $10,000 respectively.
OCC indicated it will “respond aggressively if they find that bank employees are misusing customer information, or placing it at risk of unauthorized disclosure.”
Their actions violated privacy regulations (e.g. GLBA ISP requirements) and constituted unsafe and unsound banking practices.
In addition to the permanent removals and civil money penalties, the loan officers also consented to personal cease and desist orders requiring them to disclose the OCC’s enforcement act to present and future employers involved in the transfer of nonpublic personal information to federal insured depository institutions.
FFELP consequence? Lenders at risk when sending borrower NPI in unsecure emails to trading partners or borrowers (e.g., disb rosters, counseling results, online certification requests, borrower data files, customer service responses, etc.).
Requires a business or a State agency that maintains computerized data that includes personal information, as defined, to disclose any breach of the security of that data to any California resident whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
Notice, written or electronic, must be must be given in most expedient time possible and without unreasonable delay
SB 1386 - Notification Requirement for 3 rd Party Service Providers.
Any agency or business that maintains computerized data that includes personal information it does not own shall notify the owner of the information of any breach of the security of the data if the personal information was, or is reasonably believed to have been, acquired by an unauthorized person.
Notice must be given immediately following discovery.
New Credit Bureau Requirements: Credit bureaus must offer consumers the ability to freeze their credit files and to "thaw" them with a special PIN (online or by phone) when they want to apply for credit themselves.
Lenders cannot check credit history on frozen account (absent consumer use of PIN to “thaw” account).
Proposed CA AB 1294 - Identity theft: debt collectors:
Bill would require a debt collector to stop collecting a consumer debt for 30 business days when an alleged debtor provides the collector with information on the alleged debtor's status as an identity theft victim and other information as specified.
Requires the collector to review and consider the information submitted and to cease collections if the information reasonably establishes that the alleged debtor did not incur the debt.