Friday, March 8, 2024

FYI: New Hampshire Enacts Comprehensive Consumer Data Privacy Law

New Hampshire Governor Chris Sununu recently signed into law Senate Bill 255, making New Hampshire the 14th state to enact a comprehensive consumer data privacy law, following California, Virginia, Colorado, Utah, Connecticut, Iowa, Indiana, Tennessee, Montana, Texas, Oregon, Delaware, and New Jersey.  The law will go into effect Jan. 1, 2025.

 

A copy of the legislation is available at:  Link to SB255

 

APPLICABILITY

 

The Act applies to persons that conduct business in New Hampshire or persons that produce products or services that are targeted to residents of New Hampshire that during a one-year period:

 

  • Controlled or processed the personal data of not less than 35,000 unique consumers, excluding personal data controlled or processed solely for the purpose of completing a payment transaction; or

 

  • Controlled or processed the personal data of not less than 10,000 unique consumers and derived more than 25 percent of their gross revenue from the sale of personal data.

 

EXEMPTIONS

 

Exemptions include, but are not limited to:

 

·        A financial institution or data subject to Title V of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6801, et seq.;

·        Protected health information under the Health Insurance Portability and Accountability Act of 1996;

·        The collection, maintenance, disclosure, sale, communication, or use of any personal information to the extent that such activity is regulated by and authorized under the Fair Credit Reporting Act, 15 U.S.C. § 1681, et seq.

 

CONSUMER RIGHTS

 

Consumers have the right to:

 

·        Confirm whether a controller is processing their personal data and access such personal data;

·        Correct inaccuracies in their personal data;

·        Delete personal data provided by, or obtained about, the consumer;

·        Obtain a copy of their data processed by the controller in a portable and, to the extent technically feasible, readily usable format;

·        Opt-out of the processing of the personal data for purposes of targeted advertising, the sale of personal data (subject to exceptions), or profiling in furtherance of solely automated decisions that produce legal or similarly significant effects concerning the consumer.

 

SENSITIVE DATA

 

A controller may not process sensitive data concerning a consumer without obtaining the consumer's consent or, in the case of the processing of sensitive data concerning a known child, without processing such data in accordance with the Children's Online Privacy and Protection Act.

 

"Sensitive data" means personal data that includes data revealing:

 

·        Racial or ethnic origin;

·        Religious beliefs;

·        Mental or physical health condition or diagnosis;

·        Sex life or sexual orientation;

·        Citizenship or immigration status;

·        Genetic or biometric data processed for the purpose of uniquely identifying an individual;

·        Personal data collected from a known child;

·        Precise geolocation data.

 

CONTRACT REQUIREMENTS

 

A contract between a controller and a processor must set forth instructions for processing data, the nature and purpose of processing, the type of data subject to processing, the duration of processing and the rights and obligations of both parties. The contract shall also require that the processor:

 

·        Ensure that each person processing personal data is subject to a duty of confidentiality with respect to the data;

·        At the controller's direction, delete or return all personal data to the controller as requested at the end of the provision of services, unless retention of the personal data is required by law;

·        Upon the reasonable request of the controller, make available to the controller all information in its possession necessary to demonstrate the processor's compliance with the obligations in this chapter;

·        After providing the controller an opportunity to object, engage any subcontractor pursuant to a written contract that requires the subcontractor to meet the obligations of the processor with respect to the personal data; and

·        Allow, and cooperate with, reasonable assessments by the controller or the controller's designated assessor, or the processor may arrange for a qualified and independent assessor to conduct an assessment of the processor's policies and technical and organizational measures in support of the obligations under this chapter, using an appropriate and accepted control standard or framework and assessment procedure for such assessments. The processor must provide a report of such assessment to the controller upon request.

 

DATA PROTECTION ASSESSMENTS

 

A controller must conduct and document a data protection assessment for each of the controller's processing activities that presents a heightened risk of harm to a consumer, including:

 

·        The processing of personal data for the purposes of targeted advertising;

·        The sale of personal data;

·        The processing of personal data for the purposes of certain profiling; and

·        The processing of sensitive data.

 

ENFORCEMENT

 

The Act does not create a private right of action. A violation that is not cured within 60 days of notice from the Attorney General is an unfair method of competition or an unfair or deceptive act or practice in the conduct of any trade or commerce under N.H. Rev. Stat. Ann. § 358-A:2 which provides for injunctive relief and civil penalties up to $10,000 for each violation.

 

IMPRESSION

 

This law follows the pattern of many post-California comprehensive data privacy laws and should not present overly burdensome compliance challenges for those complying with those other laws.

 

For a chart comparing the state comprehensive data privacy acts, and more information and insight from Maurice Wutscher on data privacy and security laws and legislation, click here.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

 

Saturday, February 24, 2024

FYI: Texas Sup Ct Holds Foreclosure Statute of Limitation Reset by Rescission Sent With Reacceleration Notice

The Supreme Court of Texas recently held that, when a lender or loan servicer rescinds its acceleration of a loan in compliance with Texas Civil Practice and Remedies Code Section 16.038, the rescission resets the statute of limitation even if it is combined with a notice of reacceleration.

 

A copy of the opinion is available at:  Link to Opinion

 

In 2004, two borrowers obtained a loan secured by a deed of trust on their home.  The deed of trust provided that "all sums secured by this Security Instrument and accrued interest thereon shall at once become due and payable at the option of Lender without prior notice, except as otherwise required by applicable law, and regardless of any prior forbearance." It also waived any notice of intent to accelerate, but upon acceleration, borrower could reinstate the loan "as if no acceleration had occurred" by paying all sums due plus costs.

 

The borrowers defaulted on the loan, and the loan servicer issued a notice of intent to accelerate in October 2015, followed by written notice that the loan had been accelerated in February 2016. However, no foreclosure sale ever occurred.

 

Over the next several years, the borrowers filed for bankruptcy on numerous occasions, all of which the bankruptcy court dismissed.  During this period of time, the loan servicer sent the borrowers a "Notice of Acceleration of Maturity" that rescinded its earlier acceleration of the note, and reaccelerated the debt. The loan servicer's final notice also stated: "Any acceleration of the Note made prior to sending this Notice is hereby rescinded in accordance with the Texas Practice and Remedies Code § 16.038."

 

The borrower filed a lawsuit in state court, asserting that the limitations period had run four years after the first acceleration in February 2016, and requesting any foreclosure be barred.  The loan owner and servicer removed the case to federal court, and eventually moved for summary judgment.  The federal trial court ruled in favor of the loan owner and servicer, and borrowers appealed to the U.S. Court of Appeals for the Fifth Circuit.

 

The Fifth Circuit certified the question of whether a lender could simultaneously rescind a prior acceleration and re-accelerate a loan under Tex. Civ. Prac. & Rem. Code § 16.038 to the Texas Supreme Court.  This opinion followed.

 

The Texas Supreme Court first recounted that, in Texas, a mortgagee must bring suit to foreclose on a real property lien "not later than four years after the day the cause of action accrues."  See Tex. Civ. Prac. & Rem. Code § 16.035(a).  Although the accrual date is usually the maturity date of the loan, when the loan documents include an acceleration clause, the statute of limitations on the foreclosure claim accrues at the time of acceleration.

 

In addition, the Court noted, Texas Civil Practice and Remedies Code Section 16.038 allows a mortgagee to rescind a prior acceleration "by a written notice of a rescission or waiver served . . . on each debtor who . . . is obligated to pay the debt."  The notice must be served "by first class or certified mail and is complete when the notice is deposited in the United States mail, postage prepaid and addressed to the debtor at the debtor's last known address."  Rescission under this section "does not affect a lienholder's right to accelerate the maturity date of the debt in the future nor does it waive past defaults." Id. § 16.038(d).

 

The borrowers did not dispute that the notices were properly sent.  Instead, they argued that "the limitations period did not reset because these letters further informed them that their loan was reaccelerated." Relying on Swoboda v. Ocwen Loan Servicing, 579 S.W.3d 628, 632–33 (Tex. App.—Houston [14th Dist.] 2019, no pet.), the borrowers asserted that reacceleration will not reset the statute of limitations unless the earlier acceleration was abandoned.  In addition, the borrowers argued that Section 16.038 refers to a mortgagee's right to accelerate "in the future", and therefore "that a notice rescinding an earlier acceleration is ineffective if it is accompanied by a notice that the loan is reaccelerated."

 

Agreeing with the loan owner and servicer, the Texas Supreme Court held that the statute "does not require that the rescission notice be distinct or separate from other notices that a lender might send to borrowers with a loan in default." In the absence of any such requirement in the statute, the Court held that none should be read into the statute.

 

The Court also rejected the borrower's common-law abandonment argument.  The Texas Supreme Court noted that, in Swoboda, "the court of appeals held that an abandonment of acceleration must be clear enough to 'justify the borrower in believing and acting upon the belief that the effect of the failure to pay an installment was to be disregarded, and that the contract should stand as if there had been no default.'" 

 

On the other hand, a rescission under Section 16.038, "'is complete' upon the lender's depositing the notice in the mail, addressed to the "the debtor's last known address." The statute expressly states that a rescission "does not affect a lienholder's right to accelerate the maturity date of the debt in the future", and does not create a waiting period between rescission and reacceleration of specific duration.  "It is the very nature of rescission to remove the earlier acceleration, paving the way for a new one to follow, whether in the same letter or by separate notice."

 

Accordingly, the Supreme Court of Texas held a mortgagee's "simultaneous reacceleration does not nullify a rescission that complies with Civil Practice and Remedies Code Section 16.038."

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

 

Tuesday, January 23, 2024

FYI: New Jersey Enacts Comprehensive Consumer Data Privacy Law

New Jersey Governor Phil Murphy on Jan. 16, 2024 signed into law Senate Bill 332, making New Jersey the thirteenth state to enact a comprehensive consumer data privacy law, following California, Virginia, Colorado, Utah, Connecticut, Iowa, Indiana, Tennessee, Montana, Texas, Oregon and Delaware. 

 

The new law will go into effect Jan. 16, 2025.

 

For a chart comparing the state comprehensive data privacy acts, and more information and insight from Maurice Wutscher on data privacy and security laws and legislation, click here.

 

APPLICABILITY

 

The Act applies to controllers that conduct business in New Jersey or produce products or services that are targeted to New Jersey residents, and that during a calendar year either:

 

    control or process the personal data of at least 100,000 consumers, excluding personal data processed solely for the purpose of completing a payment transaction; or

    control or process the personal data of at least 25,000 consumers and the controller derives revenue or receives a discount on the price of any goods or services, from the sale of personal data.

 

EXEMPTIONS

 

Exemptions include, but are not limited to:

 

    A financial institution, data, or affiliate of a financial institution that is subject to Gramm-Leach-Bliley Act and implementing rules;

    Protected health information collected under the Health Insurance Portability and Accountability Act of 1996;

    Personal data collected, processed, sold, or disclosed by a consumer reporting agency as authorized by the Fair Credit Reporting Act.

 

CONSUMER RIGHTS

 

Consumers have the right to:

 

    Confirm a controller's processing of their personal data;

    Correct inaccuracies in their personal data;

    Delete their personal data;

    Obtain a copy of their personal data held by the controller;

    Opt out of the processing of their personal data if the processing is for the purpose of targeted advertising, sale of their personal data, or certain profiling.

 

SENSITIVE DATA

 

A controller may not process sensitive data concerning a consumer without first obtaining the consumer's consent, or, in the case of the processing of personal data concerning a known child, without processing such data in accordance with the Children's Online Privacy and Protection Act.

 

"Sensitive data" means personal data revealing:

 

    Racial or ethnic origin;

    Religious beliefs;

    Mental or physical health condition, treatment, or diagnosis;

    Financial information, which shall include a consumer's account number, account log-in, financial account, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a consumer's financial account;

    Sex life or sexual orientation;

    Citizenship or immigration status;

    Status as transgender or non-binary;

    Genetic or biometric data that may be processed for the purpose of uniquely identifying an individual;

    Personal data collected from a known child; or

    Precise geolocation data.

 

CONTRACT REQUIREMENTS

 

A contract between a controller and processor must clearly set forth:

 

    The processing instructions to which the processor is bound, including the nature and purpose of the processing;

    The type of personal data subject to the processing, and the duration of the processing;

    That the processor ensures each person processing the personal data is subject to a duty of confidentiality;

    That any subcontractor engaged by the processor is subject to the same contractual obligations as between the controller and the processor;

    That the controller and processor implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk;

    That the processor deletes or returns all personal data to the controller as requested at the end of the provision of services;

    That the processor makes available to the controller all information necessary to demonstrate compliance; and

    That the processor allows for, and contributes to, reasonable assessments and inspections by the controller.

 

DATA PROTECTION ASSESSMENTS

 

A controller must conduct a data protection assessment for processing that presents a heightened risk of harm to a consumer, including:

 

    Processing personal data for the purposes of targeted advertising or certain profiling;

    Selling personal data;

    Processing sensitive data.

 

ENFORCEMENT

 

The Act does not create a private right of action. A violation that is not cured within 30 days of notice is an unlawful practice under N.J. Stat. § 56:8-1, et seq., and the Attorney General may seek injunctive relief, costs, and penalties of not more than $10,000 for the first offense and not more than $20,000 for the second and each subsequent offense.

RULEMAKING

 

The Attorney General, through the Division of Consumer Affairs, is charged with promulgating rules and regulations.

 

IMPRESSIONS

 

This legislation, which was introduced in 2022, is a good example of legislators listening to stakeholders and making appropriate changes in response. The bill was amended six times, with the next to the last gutting the bill and replacing it with provisions akin to those in laws adopted by most other states, which will be a relief to those incorporating the requirements into a compliance program.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

 

Thursday, January 4, 2024

FYI: Data Privacy & Security Roundup: New Laws, Regulations and Important Dates in 2024

The upward trend in data privacy legislation continued in 2023. According to the National Conference of State Legislatures, "[a]t least 40 states and Puerto Rico introduced or considered at least 350 consumer privacy bills in 2023," a significant increase from the 200 bills in 2022

 

Many of these bills were limited in scope, relating to, for example, biometric, genetic and geolocation data, data brokers, and internet service providers.

 

STATE COMPREHENSIVE CONSUMER DATA PRIVACY LAWS

 

Narrowing the focus to legislation that conveys certain rights to consumers and restricts the use of personal information, more than 60 bills were considered in almost 30 states. A comparison chart of those bills can be accessed here.

 

In 2023, seven states joined California, Virginia, Colorado, Utah and Connecticut in passing comprehensive data privacy legislation.

 

    Iowa SF 262 was enacted March 28 and goes into effect Jan. 1, 2025.

    Indiana SB 5 was enacted May 1 and goes into effect Jan. 1, 2026.

    Tennessee HB 1181 was enacted May 11 and goes into effect July 1, 2024.

    Montana SB 384 was enacted May 19 and goes into effect Oct. 1, 2024.

    Texas HB 4 was enacted June 18 and goes into effect July 1, 2024.

    Oregon SB 619 was enacted July 18 and goes into effect July 1, 2024.

    Delaware HB 154 was enacted Sept. 11 and goes into effect Jan. 1, 2025.

 

Although there are differences worth attention, these laws are very similar to those enacted after the California Consumer Protection Act, and most include:

 

    Right to access

    Right to correct (except Iowa)

    Right to delete

    Right to obtain

    Right to opt-out of certain processing

    Data and entity-level Gramm-Leach-Bliley Act exemptions (Oregon is data-level only but includes an entity-level exemption for financial institutions as defined in Rev. Stat. Ann. § 706.008)

    Requirements for contracts between controllers and processors

    Risk assessments for processing certain data (except Iowa)

    No private right of action

 

A chart comparing the comprehensive data privacy laws is available here.

 

STATE DATA BREACH NOTIFICATION LAWS

 

Utah SB 127 was enacted March 23 and went into effect May 3. Amendments include:

 

    Creation of the Utah Cyber Center tasked with, among other things, developing a cybersecurity plan for government agencies, identifying, assessing, and mitigating cyber threats, and promoting cybersecurity best practices;

    Requiring notification to the attorney general and the Utah Cyber Center.

 

Texas SB 768 was enacted May 27 and went into effect Sept. 1. Amendments include:

 

    Shortening the time to notify the attorney general from 60 days to 30;

    Requiring notification be submitted electronically using a form provided on the attorney general's website.

 

Nevada SB 355 was enacted June 15 and went into effect Oct. 1. The law amends Nevada's data breach notification statutes (Nev. Rev. Stat. Ann. § 603A.300, et seq.) by exempting installment loan companies and making them subject to different data breach notification provisions, including:

 

    Determination whether notice is required is based in part on an analysis of the risk of harm to affected residents;

    The notice deadline is 30 days, as opposed to "in the most expedient time possible and without unreasonable delay";

    Breach notification by email is prohibited if a breach involves a username, password or other login credentials to an email account furnished by the licensee;

    The law specifies information that must be included in a breach notification;

    Notice must be made to the attorney general if there are more than 500 affected residents;

    There is no safe harbor for data controllers subject to and compliant with the privacy and security provisions of the Gramm-Leach-Bliley Act;

    Notice must be provided to consumer reporting agencies if the breach affects more than 1,000 persons.

 

Connecticut SB 1058 was enacted June 26 and went into effect Oct. 1. Amendments include:

 

    Adding "precise geolocation data" to the definition of "personal information";

    Depositing civil penalties into a "privacy protection guaranty and enforcement account";

    Designating a violation as an unfair trade practice under Conn. Gen. Stat. § 42-110b.

 

Rhode Island SB 5684 was enacted June 27 and went into effect upon passage. Amendments include:

 

    Adding definitions for "classified data" and "cybersecurity incident";

    Shortening the notification period to individuals from 45 days to 15;

    Requiring notification to the state police within 24 hours;

    Specifying what must be included in a notification.

 

STATE REGULATION

 

California

 

In March, the California Privacy Protection Agency received approval of its first substantive rulemaking implementing the California Consumer Protection Act as amended by the California Privacy Rights Act.  The regulations became effective March 29, but enforcement of some provisions has been delayed until March 29, 2024.  The regulations include:

 

    Methods for allowing consumers to exercise the right to correct personal information;

    Required terms that must be included in contracts between businesses and the service providers and third parties with whom personal information is shared or disclosed;

    Modified notice requirements;

    Additional guidance on what constitutes a "dark pattern";

    Expectations regarding opt-out preference signals.

 

New York

 

In November, amendments to New York's cybersecurity regulations were adopted by the Department of Financial Services with staggered implementation dates for covered entities, small businesses, and Class A companies

 

The amendments include:

 

    Creation of a category for "Class A companies" based on revenue in New York, and number of employees or global revenue;

    Heightened security measures for Class A companies;

    Annual penetration testing by a qualified internal or external party;

    Automated or manual scans of information systems;

    Risk assessments reviewed and updated annually, or as necessary;

    Multi-factor authentication for any individual accessing any information system;

    Notification to the Superintendent of any cybersecurity incident within 72 hours;

    Annual certification of compliance, or acknowledgment of noncompliance;

    Notice and explanation of extortion payments made in connection with a cybersecurity incident.

 

FEDERAL REGULATION

 

Safeguards Rule

 

In September, the Federal Trade Commission announced its approval of an amendment to the Gramm-Leach-Bliley Act Safeguards Rule requiring nonbank financial institutions to report to the FTC the unauthorized acquisition of unencrypted customer information involving at least 500 consumers (a "notification event"). The amendment, which becomes effective May 13, 2024, also provides:

 

    Notification must be made as soon as possible, and no later than 30 days after discovery of the event;

    Notice must be provided through an online form that will be available on the FTC's website;

    The notice must include:

        the name and contact information of the reporting financial institution;

        a description of the types of information that were involved in the notification event;

        if the information is possible to determine, the date or date range of the notification event;

        the number of consumers affected or potentially affected by the notification event;

        a general description of the notification event; and

        whether any law enforcement official provided a written determination that notifying the public of the breach would impede a criminal investigation or cause damage to national security, and a means for the Federal Trade Commission to contact the law enforcement official.

 

CONCLUSION

 

2024 will undoubtedly be a remarkable year with respect to data privacy and security legislation and regulation and we expect an increased focus on issues related to the use of artificial intelligence. For more information and insight from Maurice Wutscher on data privacy and security laws and how to stay compliant click here.

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars

  

 

 

 

 

Saturday, December 9, 2023

FYI: ❄️ Warm wishes for a magical holiday season ❄️

  Maurice Wutscher LLP -

 

From all of us at Maurice Wutscher, sending you our heartfelt thanks for your continued support and partnership.

 

And wishing you and yours the joys of the season and all good things in the new year.

 

 

 

 

 

 

 

 

 

Ralph T. Wutscher
Maurice Wutscher LLP
20 N. Clark Street, Suite 3300
Chicago, Illinois 60602
Direct:  (312) 551-9320
Fax: (312) 284-4751

Mobile:  (312) 493-0874
Email: rwutscher@MauriceWutscher.com

 

Admitted to practice law in Illinois

 

 

 

Alabama   |   Florida   |   Illinois   |   Massachusetts   |   New Jersey   |   New York   |   Ohio   |   Pennsylvania   |   Tennessee   |   Texas   |   Washington, DC

 

 

NOTICE: We do not send unsolicited emails. If you received this email in error, or if you wish to be removed from our update distribution list, please simply reply to this email and state your intention. Thank you.


Our updates and webinar presentations are available on the internet, in searchable format, at:

 

Financial Services Law Updates

 

and

 

The Consumer Financial Services Blog

 

and

 

Webinars