Financial Services Law Developments: 9/10/23

Thursday, September 14, 2023

FYI: Delaware Enacts Personal Data Privacy Act

Delaware Governor John Carney on Sept. 11 signed into law House Bill 154, the Delaware Personal Data Privacy Act. This makes Delaware the 12th state to enact a comprehensive consumer data privacy law, following California, Virginia, Colorado, Utah, Connecticut, Iowa, Indiana, Tennessee, Montana, Texas, and Oregon.

The new Delaware law will go into effect Jan. 1, 2025.

For a chart comparing the state comprehensive data privacy acts, and more information and insight from Maurice Wutscher on data privacy and security laws and legislation, click here.

APPLICABILITY

The Act applies to persons that conduct business in Delaware or persons that produce products or services that are targeted to residents of Delaware and that during the preceding calendar year did any of the following:

Controlled or processed the personal data of not less than 35,000 consumers, excluding personal data controlled or processed solely for the purpose of completing a payment transaction.

Controlled or processed the personal data of not less than 10,000 consumers and derived more than 20 percent of their gross revenue from the sale of personal data.

EXEMPTIONS

Exemptions include, but are not limited to:

Any financial institution or affiliate of a financial institution, all as defined in 15 U.S.C. 6809, to the extent that the financial institution or affiliate is subject to Title V of the Gramm Leach Bliley Act and the rules and implementing regulations promulgated thereunder;

Data subject to the Gramm Leach Bliley Act and the rules and implementing regulations promulgated thereunder;

Protected health information under HIPAA;

Activities regulated by the Fair Credit Reporting Act.

CONSUMER RIGHTS

Consumers have the right to:

Confirm processing of their personal data and access such data;

Correct inaccuracies, taking into account the nature of the personal data and the purposes of the processing of the consumer's personal data;

Delete personal data provided by, or obtained about, the consumer;

Obtain a copy of the consumer's personal data processed by the controller;

Obtain a list of the categories of third parties to which the controller has disclosed the consumer's personal data;

Opt out of processing if for the purpose of targeted advertising, sale, or profiling.

SENSITIVE PERSONAL INFORMATION

Sensitive personal data may not be processed without the consumer's consent or, in the case of a known child, without first obtaining consent from the child's parent or lawful guardian and otherwise complying with the Delaware Online Privacy and Protection Act, specifically Del. Code Ann. tit. 6, § 1204C.

Sensitive Data means personal data that includes any of the following:

Data revealing racial or ethnic origin, religious beliefs, mental or physical health condition or diagnosis (including pregnancy), sex life, sexual orientation, status as transgender or nonbinary, citizenship status, or immigration status.

Genetic or biometric data.

Personal data of a known child.

Precise geolocation data.

CONTRACT REQUIREMENTS

A contract between a controller and processor must clearly set forth instructions for processing data, the nature and purpose of processing, the type of data subject to processing, the duration of processing and the rights and obligations of both parties and:

Ensure that each person processing personal data is subject to a duty of confidentiality with respect to the data.

At the controller's direction, delete or return all personal data to the controller as requested at the end of the provision of services, unless retention of the personal data is required by law.

Upon the reasonable request of the controller, make available to the controller all information in its possession necessary to demonstrate the processor's compliance with the obligations in this chapter.

After providing the controller an opportunity to object, engage any subcontractor pursuant to a written contract that requires the subcontractor to meet the obligations of the processor with respect to the personal data.

Allow, and cooperate with, reasonable assessments by the controller or the controller's designated assessor.

DATA PROTECTION ASSESSMENTS

A controller that controls or processes the data of not less than 100,000 consumers must conduct and document on a "regular basis" a data protection assessment for processing activities that presents a heightened risk of harm to a consumer, including:

Processing for the purpose of targeted advertising;

Processing for the purpose of selling personal data;

Processing for the purpose of certain profiling; and

Processing sensitive data.

The "100,000 consumers" threshold excludes data controlled or processed solely for the purpose of completing a payment transaction.

ENFORCEMENT

The Act does not create a private right of action. A violation is an unlawful practice under Del. Code Ann. tit. 6, § 2513 and can be enforced solely by the Attorney General pursuant to Del. Code Ann. tit. 6, § 2522. Provided a person cannot cure a violation within 60 days, the Attorney General may seek injunctive relief and a civil penalty of not more than $10,000 for each willful violation. The opportunity to cure provision expires Dec. 31, 2025.

Ralph T. Wutscher
Maurice Wutscher LLP
The Loop Center Building
105 W. Madison Street, 6^th Floor
Chicago, Illinois 60602
Direct: (312) 551-9320
Fax: (312) 284-4751

Mobile: (312) 493-0874
Email: rwutscher@MauriceWutscher.com

Admitted to practice law in Illinois

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.

Our updates and webinar presentations are available on the internet, in searchable format, at:

Financial Services Law Updates

and

The Consumer Financial Services Blog™

and

Webinars

Monday, September 11, 2023

FYI: Cal App Ct (2nd Dist) Holds Bank Owed Duty of Care to Deposit Customer as to Blocked Account

The California Court of Appeals, Second Appellate District, recently reversed a trial court's ruling, and held that a defendant bank owed the plaintiff law firm a duty of care based on the special relationship the bank had with the law firm as an intended beneficiary of a probate court's blocked account order.

In so ruling, the Appellate Court explained that, although banks do not generally have a duty to police customer accounts for suspicious activity, the bank here owed the law firm a duty to act with reasonable care in limiting distributions from the blocked account to those authorized by court order.

A copy of the opinion is available at: Link to Opinion

A law firm filed an action against a bank, claiming negligence in the disbursement of funds from an account containing estate funds to the sole signatory on the account, the administrator of the estate. Specifically, the law firm alleged that the bank was negligent in disbursing the entirety of the estate funds to the administrator despite a probate court order specifying that the administrator would receive at most $16,000 from the account, with most of the remaining funds to be paid to the law firm and then to other beneficiaries.

The trial court granted the bank's motion for summary judgment, concluding that the bank owed no duty of care to the law firm and had complied with the probate court order. The law firm timely appealed.

On appeal, the law firm contended it raised triable issues of fact with respect to whether the bank owed a duty to the firm, whether the bank breached any such duty, and whether the bank's conduct in distributing the funds to the administrator, who absconded with the funds, was the proximate cause of the law firm's damages.

In finding a duty of care, California courts consider the factors articulated by the California Supreme Court in Biakanja v. Irving (1958) 49 Cal.2d 647: (1) the extent to which the transaction was intended to affect the plaintiff; (2) the foreseeability of harm to the plaintiff; (3) the degree of certainty that the plaintiff suffered injury; (4) the closeness of the connection between the defendant's conduct and the injury suffered; (5) the moral blame attached to the defendant's conduct; and (6) the policy of preventing future harm. Id. at 650. However, "[d]eciding whether to impose a duty of care turns on a careful consideration of the 'the sum total' of the policy considerations at play, not a mere tallying of some finite, one size-fits-all set of factors." Southern California Gas Leak Cases (2019) 7 Cal.5th 391, 401.

Here, the Second District ruled that the bank and the law firm had a special relationship because the law firm was an intended beneficiary of the blocked account order, which limited distribution of the estate funds. Therefore, the Court applied the Biakanja factors to determine whether the bank owed a duty of care to the law firm in making distributions from the blocked account.

Although banks do not generally have a duty to police customer accounts for suspicious activity, the Second Appellate District concluded that application of the Biakanja factors revealed that the bank here did owe the law firm, as an intended beneficiary of the blocked account order, a duty to act with reasonable care in limiting distributions from the blocked account to those authorized by court order.

First, the Court found that the blocked account order, by preventing disbursement of the estate funds in the blocked account without a court order authorizing payment, was intended to affect the law firm, which had a priority right to those funds. Second, it was foreseeable that distributing the entirety of the funds in the blocked account to one beneficiary, without a court order directing disbursement of the funds, would harm the other beneficiaries, including the law firm. Third, the law firm suffered injury as a result of the bank allowing the administrator to withdraw all the funds in the blocked account, depriving the law firm of any payment. Fourth, there was likewise a close connection between the bank's conduct in distributing all the funds to the administrator and the law firm's injury. Finally, the goal to prevent future harm supported the conclusion that a bank owes a duty of care to an intended beneficiary where a bank releases funds from a blocked account without court authorization.

The bank contended that it did not breach any duty owed to the law firm because it followed the probate court order in releasing the funds in the blocked account to the administrator as the only authorized signatory on the account. However, the Second Appellate District agreed with the law firm that the language of the court order did not direct the bank to unblock the account for release of all the funds to the administrator. While possibly the administrator's signature would have been necessary to effectuate the release of funds to the law firm and other beneficiaries, that did not mean she could withdraw any funds from the blocked account without a court order directing the bank to release the funds to her.

Accordingly, the Second District held that there were triable issues of fact as to whether the bank breached its duty and whether that breach caused the law firm harm by allowing the administrator to withdraw all the funds in the account. Thus, the Court reversed the trial court's summary judgment in favor of the bank.

Ralph T. Wutscher
Maurice Wutscher LLP
The Loop Center Building
105 W. Madison Street, 6^th Floor
Chicago, Illinois 60602
Direct: (312) 551-9320
Fax: (312) 284-4751

Mobile: (312) 493-0874
Email: rwutscher@MauriceWutscher.com

Admitted to practice law in Illinois

Our updates and webinar presentations are available on the internet, in searchable format, at:

Financial Services Law Updates

and

The Consumer Financial Services Blog™

and

Webinars

PLEASE NOTE:

The editor and sponsoring law firm of this blog represent and serve banks, lenders, loan buyers, loan servicers, debt collectors, and other financial services companies. We do not represent consumers.

Any communications or information obtained may be provided to our clients, including for the purpose of debt collection.

The information in this blog and related updates is general in nature, and should not be considered legal advice.

Legal advice requires a full and complete understanding of a particular situation. Your situation may involve material facts that prevent the direct application of the information in this blog and related updates.

You will not become a client of the editor or sponsoring law firm simply by reading this blog.

In order to become a client of the editor or sponsoring law firm, the editor or sponsoring law firm must agree to represent you in writing.

Until we agree to represent you in writing, we are not prevented from representing any other party.

Until you are a client of the editor or sponsoring law firm, any communications with us will not be confidential.

The Editor's Bio

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, 33rd Floor
Chicago, Illinois 60602
Direct: (312) 493-0874
RWutscher@MauriceWutscher.com
https://www.MauriceWutscher.com/

Ralph Wutscher's practice focuses primarily on representing depository and non-depository mortgage lenders and servicers, as well as mortgage loan investors, distressed asset buyers and sellers, loss mitigation companies, automobile and other personal property secured lenders and finance companies, credit card and other unsecured lenders, and other consumer financial services providers. He represents the consumer lending industry as a litigator, and as regulatory compliance counsel.

Ralph has substantial experience in defending private consumer finance lawsuits, including cases ranging from large interstate putative class actions to localized single-asset cases, as well as in responding to regulatory investigations and other governmental proceedings. His litigation successes include not only victories at the trial court level, but also on appeal, and in various jurisdictions. He has successfully defended numerous putative class actions asserting violations of a wide range of federal and state consumer protection statutes. He is frequently consulted to assist other law firms in developing or improving litigation strategies in cases filed around the country.

Ralph also has substantial experience in counseling clients regarding their compliance with federal laws, and with state and local laws primarily of the Midwestern United States. For example, he regularly provides assistance in connection with portfolio or program audits, consumer lending disclosure issues, the design and implementation of marketing and advertising campaigns, licensing and reporting issues, compliance with usury laws and other limitations on pricing, compliance with state and local “predatory lending” laws, drafting or obtaining opinion letters on a single- or multi-state basis, interstate branching and loan production office licensing, evaluations and modifications of new or existing products and procedures, debt collection and servicing practices, proper methods of responding to consumer inquiries and furnishing consumer information, as well as proposed or existing arrangements with settlement service providers and other vendors, and the implementation of procedural or other operational changes following developments in the law.

Ralph is a member of the Governing Committee of the Conference on Consumer Finance Law. He is also the immediate past Chair of the Preemption and Federalism Subcommittee for the ABA's Consumer Financial Services Committee. He served on the Law Committee for the former National Home Equity Mortgage Association, and completed two terms as Co-Chair of the Consumer Credit Committee of the Chicago Bar Association.

Ralph received his Juris Doctor from the University of Illinois College of Law, and his undergraduate degree from the University of California at Los Angeles (UCLA). He is a member of the national Mortgage Bankers Association, the American Bankers Association, the Conference on Consumer Finance Law, DBA International, the ACA International Members Attorney Program, as well as the American and Chicago Bar Associations.

Ralph is admitted to practice in Illinois, as well as in the United States Court of Appeals for the Seventh Circuit, the United States District Courts for the Northern and Southern Districts of Illinois, and the United States District Court for the Eastern District of Wisconsin, and has been admitted pro hac vice in various jurisdictions around the country.