Beginning May 11, 2024, non-banking financial institutions regulated by the Federal Trade Commission (FTC) will be required to submit notifications of data breaches or other security events that impact 500+ consumers. The FTC issued a final rule (the Rule) amending its Safeguards Rule1 to impose this notification requirement.
You may have heard that “data is the new oil”—in other words, data is the critical raw material that drives innovation in tech and business, and like oil, it must be collected at a massive scale and then refined in order to be useful. And there is perhaps no data refinery as large-capacity and as data-hungry as AI. Companies developing AI products, as we have noted, possess a continuous appetite for more and newer data, and they may find that the readiest source of crude data are their own userbases.
In the aftermath of the most damaging and widespread fraud event in our history, this would be an exceptionally bad time to tie government agencies’ hands in protecting citizens and preventing fraud. But unfortunately, the Consumer Financial Protection Bureau (CFPB) is contemplating a new proposed rule to do just that.
The FTC is in the midst of a months-long rulemaking targeting “unfair or deceptive fees” that would fundamentally alter the way businesses can advertise their prices to consumers. Recently, a bipartisan coalition of 19 state AGs (led by General Michelle Henry of Pennsylvania and General Josh Stein of North Carolina) filed a comment letter supporting the FTC’s efforts.
On February 8, New York attorney general (AG) Letisha James announced a $77 million judgment with three merchant cash advance (MCA) companies, Richmond Capital Group, Ram Capital Funding, and Viceroy Capital Funding, and their principals. AG James sued the companies in 2020, alleging they engaged in exploitive lending practices with small businesses, such as charging high interest rates, undisclosed fees, debiting excess amounts, and fraudulently securing judgments against them.