See 26 U.S.C. §§ 871, 881, 882. RFIA § 204(a) (adding 26 U.S.C. § 7701(a)(51)).Id. § 204(a).Id. § 301 (adding 15 U.S.C. § 41(b)(4)).Id. § 301 (adding 15 U.S.C. § 41(a)).Id.Id. §§ 401-403.Id. § 404 (adding 7 U.S.C. 5i). For these purposes, a “digital asset exchange” would mean “a trading facility that lists for trading at least 1 digital asset.”

Counsel representing financial institutions in a bankruptcy case and debtor's counsel should understand the GLBA requirements when working together on providing notices, plan solicitations, and negotiations.FTC ActThe Federal Trade Commission Act of 1914 (FTC Act), 15 U.S.C. §§ 41–58, established the FTC in order to regulate questionable business practices. Pursuant to the FTC Act, the FTC is empowered to (1) prescribe rules that set forth in particular detail the acts that the FTC considers unfair or deceptive, along with establishing requirements in order to prevent such acts from transpiring in the first instance, (2) fine violators, as well as prescribe other forms of relief (such as issuing cease and desist orders) for conduct considered deleterious to consumers, (3) conduct investigations in order to enforce the FTC Act, and (4) provide recommendations and reports to Congress in connection with its findings.

I.Legal Exposure to Federal and State Privacy LawsA.Federal Statutes and Enforcement1. Federal Trade Commission Act, 15 U.S.C. §§ 41-58 The Federal Trade Commission (FTC) has emerged as the leading federal regulator for privacy and data security. The FTC enforces a number of statutes that relate to, or provide the basis for, enforcement proceedings related to privacy and data security.

aged in unfair or deceptive privacy or data security practices, or has engaged in unfair or deceptive practices related to risk of harm to consumers. Additionally, the FTC announced its settlement with Rite Aid late in 2023, which alleges that Rite Aid deployed AI recognition technology without reasonable safeguards that falsely tagged consumers as shoplifters, particularly women and people of color. ConclusionThe FTC is concentrating on preventing unfairness and bias that could be passed down to consumers through technological innovations. We are likely to see this focus continue to expand through enforcement actions that should give organizations the opportunity to consider how to use technological innovations while protecting consumer data. In particular, companies utilizing artificial intelligence and machine learning algorithms, and those processing health data and geolocation data, should brace for an increase in scrutiny and further FTC guidance.Footnotes[1] 16 CFR Part 318.[2] 15 U.S.C. §§ 41-58.[3] The FTC’s 2021 Policy Statement provided guidance on the scope of the HBNR, which included its coverage of most health apps not covered under HIPAA, and explained that a breach of security may occur as a result of an organizations own actions, and is not limited to cybersecurity intrusions or nefarious behavior. The 2023 actions were the first actions the FTC took under the HBNR and the first to demonstrate the 2021 policy statement.[4] 16 CFR Part 312.[5] 15 U.S.C. § 45(a).[View source.]

ed.ConclusionIn addition to the new wave of data privacy statutes, several states have recently passed laws creating obligations for private sector actors that handle personal information. For instance, statutes in several states require companies to implement and maintain reasonable security measures with respect to collection and storage of consumer information. As a consequence of this wave of state data privacy laws, companies now face an additional layer of exposure to data privacy lawsuits. Accordingly, companies should evaluate and update their privacy policies and data collection and retention practices. Thorin Klosowski, The State of Consumer Data Privacy Laws in the US (And Why It Matters), N.Y. Times, September 6, 2021, https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/.Id. See, e.g., the Federal Trade Commission’s description of sectors and subjects subject to privacy laws at the following website: Privacy and Security | Federal Trade Commission (ftc.gov) 15 U.S. Code § 41 et seq.Supra, note 1. See, e.g., the settlement described in the following article: Natalie Hanson, Judge approves settlement ordering Plaid to pay $58 million for selling consumer data, Courthouse News Service, July 20, 2022, https://www.courthousenews.com/judge-approves-settlement-ordering-plaid-to-pay-58-million-for-selling-consumer-data/.See Cal. Civ. Code, § 1798.140(i) for the definition of “consumer,” available here: California Privacy Rights Act Cal Civ. Code, § 1798.100, et seq. See response to FAQ, No. 1, here: .[View source.]

other digital content." Section 3(p). "Dual-use foundation model is defined in the EO as "an AI model that is trained on broad data; generally uses self-supervision; contains at least tens of billions of parameters; is applicable across a wide range of contexts; and that exhibits, or could be easily modified to exhibit, high levels of performance at tasks that pose a serious risk to security, national economic security, national public health or safety, or any combination of those matters…". Section 3(k). "AI red-teaming" is defined in the EO as "structured testing effort to find flaws and vulnerabilities in an AI system, often in a controlled environment and in collaboration with developers of AI." Section 3(d). 50 U.S.C. 4501 et seq. Section 4.2.Id. Section 4.2(c). Section 4.8. Section 51. Section 5.2(b). Section 6. Section 7.3. Section 5.2(c).Id.Alice Corp. v. CLS Bank Int’l., 573 U.S. 208 (2014). Section 5.2(e). Section 5.2(f). Section 8(b). Section 8(b)(v). Section 5.2(g).Id.Id. 15 U.S.C. 41 et seq. Section 5.3(a). Public Law 117-167. Section 5.3(b).Id.Id. "Crime forecasting" is defined in the EO as "the use of analytical techniques to attempt to predict future crimes or crime-related information. It can include machine-generated predictions that use algorithms to analyze large volumes of data, as well as other forecasts that are generated without machines and based on statistics, such as historical crime statistics." Section 3(g). Section 7.1(b). Section 7.2(b)(i). Section 7.2(b)(ii). Section 7.3(b).Id. Section 8(c).Id. Section 8(d).Id. Section 8(e). Section 9(a).Id. Section 9(b). Section 10(a). Section 10(b).Id. Section 10(d). Section 10(f)(2).Id. Section 11(a)(ii). Section 11(b). Section 11(c)-(d).

.Note that the DFS letter does not discuss all situations in which a creditor or servicer may owe a consumer a refund or rebate for the unused portion of an ancillary product. The letter focuses on contracts that end due to repossession or total loss of the vehicle. However, a creditor or servicer may also owe a refund if a debtor cancels an ancillary product voluntarily or prepays the debt in full before the end of the ancillary product's term. Note also that the contract and state law will dictate the calculation of any required rebate. The DFS letter indicates that consumers are entitled to prorated rebates, but that may not be exactly right; some contracts or state laws may require or allow other formulas for rebates.The DFS letter does not specify under which law it considers the cited practices unfair or deceptive. However, the explanations of how the practices are unfair and deceptive suggest that the DFS based its arguments on the standards in the Federal Trade Commission Act, 15 U.S.C. §§ 41 et seq., as the FTC has interpreted those standards, or the Dodd-Frank Act, 12 U.S.C. §§ 5491 et seq., as the Consumer Financial Protection Bureau has interpreted those standards. Additionally, New York's Consumer Protection from Deceptive Acts and Practices Law, N.Y. Gen. Bus. Law §§ 349 et seq., prohibits deceptive acts and practices in business, trade, commerce, and the furnishing of any service in New York.What can you take away from this DFS letter? The most obvious lesson is that the DFS is on the lookout for companies that claim larger deficiency balances than they should because of missing or miscalculated rebates or credits. When a credit contract ends for any reason, whether on schedule or not, you need to address all remaining items, both what the consumer owes you and what you may owe the consumer. Sometimes, this process is simple. Maybe the consumer paid on time every month and the only remaining item is a lien release fee. Other times, it's more complex. If you reposses

e or more unified opt-out mechanisms, including global privacy signals, to allow individuals to exercise their rights to object to data transfer and opt-out of targeted advertising.Requires large data holders to annually certify their maintenance of internal controls and reporting structures designed to ensure compliance with the Act.Requires covered entities with more than 15 employees to appoint at least one privacy officer and one data security officer responsible for implementation of the entity’s privacy and data security programs. Large data holders are further required to appoint a privacy protection officer who reports directly to the company’s highest official and oversees the development and/or implementation of policy reviews, audits, and employee training.Grants the Division of Consumer Protection authority to enforce the Act.Violations of the Act constitute unfair or deceptive acts or practices and are subject to the penalties outlined in the Federal Trade Commission Act (15 U.S.C. § 41 et seq.)Authorizes the state AG to bring civil actions to enforce the Act. State AG may seek civil penalties, damages, injunctive relief, and reasonable attorneys’ fees.Creates a private right of action (effective two years after the Act’s effective date) for specific violations of the Act. Plaintiffs may seek compensatory damages, injunctive and declaratory relief, and reasonable attorneys’ fees. For suits brought pursuant to this private right of action, Act establishes a 45-day cure period for small businesses.Entities compliant with the data privacy requirements of GLBA, FCRA, FERPA, and HIPAA are deemed compliant with related requirements of the Act, except for Section 1527 of the Act (the Act’s data security requirements). Compliance with GLBA and HIPAA’s information security requirements establishes compliance with Section 1527.Establishes a Privacy and Security Victims Relief Fund, into which civil penalties collected pursuant to the Act are to be deposited.Grants the Division

ncy’s attempt to litigate its enforcement action in an administrative proceeding presided over by an Administrative Law Judge (ALJ), removable only for good cause as determined by the Merit Systems Protection Board (MSPB) rather than by the President. Respondents each argued “that [this] fundamental aspect of the Commission’s structure violates the Constitution; that the violation made the entire proceeding unlawful; and that being subjected to such an illegitimate proceeding causes legal injury (independent of any rulings that the ALJ might make).” Respondents premised jurisdiction on a district court’s ordinary federal-question authority under 28 U.S.C. § 1331 to resolve “civil actions arising under the Constitution, laws and treaties of the United States.”Respondents filed their collateral Constitutional actions to enjoin the FTC’s and SEC’s administrative actions despite the fact that both the Securities Exchange Act of 1934 (Exchange Act, 15 U.S.C. § 78a et seq.) and the FTC Act (15 U.S.C. § 41 et seq.), provide that the SEC and FTC can bring enforcement actions by instituting administrative proceedings adjudicated by an ALJ, and each set forth the procedures which must be followed to appeal an ALJ’s ruling. Under these statutes, a losing party in the administrative forum can appeal an ALJ’s ruling to the respective agency, either the SEC or FTC. Only after a final commission decision is a respondent permitted to seek review by a federal court of appeals of the commission decision. See 15 U.S.C. § 78y(a)(1); 15 U.S.C. § 45(c). Prior to this decision by the Supreme Court, lower courts were routinely rejecting similar collateral attacks on SEC and FTC administrative proceedings.In both Axon and Cochran, the respondents sought to enjoin the administrative proceedings in federal district court prior to an ALJ decision. Specifically, in Cochran, the SEC brought an administrative action against a certified public accountant, Michelle Cochran, for allegedly failing to comply with a

In her resignation statement, Commissioner Wilson pulled no punches against Chair Khan, leading her op-ed with the following statement:“Much ink has been spilled about Lina Khan’s attempts to remake federal antitrust law as chairman of the Federal Trade Commission. Less has been said about her disregard for the rule of law and due process and the way senior FTC officials enable her. I have failed repeatedly to persuade Ms. Khan and her enablers to do the right thing, and I refuse to give their endeavor any further hint of legitimacy by remaining.” The FTC is designed by statute to be bipartisan, as no more “than three of the Commissioners shall be members of the same political party.” 15 U.S.C. § 41. Under the Biden administration, three of the five Commissioners have been Democrats, with a strong focus on activist appointees. The two Republican Commissioners have dissented from many FTC decisions, but the majority, led by Chair Khan, has been able to pursue its agenda over those dissents. According to Commissioner Wilson’s statement, Chair Khan has “consolidated power within the Office of the Chairman, breaking decades of bipartisan precedent and undermining the commission structure that Congress wrote into law.”Republican Noah Phillips resigned as a Commissioner in October 2022, before his term expired. Although he did not issue a negative public resignation statement, he often joined Commissioner Wilson in challenging Chair Khan’s agenda, arguing that the FTC’s activities exceeded the agency’s legal authority. Commissioner Wilson’s resignation will leave the FTC with just three commissioners—all from the same political party. Her departure is not likely to change the outcome o