10 minute read
Major Changes To Consumer Data Privacy Regulation In 2023
CALIFORNIA AND VIRGINA HAVE NEW COMPREHENSIVE LAWS; OTHER STATES COULD SOON FOLLOW
By WEBB ARTHUR, SPECIAL TO MORTGAGE BANKER MAGAZINE
Little time remains for businesses to prepare for significant chances to consumer data privacy laws in the US. The nation’s first comprehensive consumer data privacy law, the California Consumer Privacy Act (CCPA), was set to undergo significant updates on January 1. Regulations are still being updated, so compliance efforts will continue into the new year. Additionally, the second comprehensive state law, in Virginia, will be effective and enforceable.
The law is similar to the CCPA, but not identical, and impacted businesses will need to separately consider compliance with both laws. While these laws contain exemptions for financial services providers, all businesses directly subject to the laws will need to ensure that their data is inventoried to consider the impact on data sets like website data, marketing data, and data on employees.
California Inspired
First, major changes are coming to the CCPA by way of the California Privacy Rights Act (CPRA), a 2020 ballot initiative. California residents will have new rights with regard to their personal information, including the right to opt out of the sharing of their personal information for cross-contextual advertising, the right to limit the use and disclosure of sensitive personal information (a new subset of personal information), and the right to correct their personal information.
The CPRA also adds new notice content requirements, requires businesses to pass on deletion requests to third parties to which they have transferred personal information, and imposes data security requirements. Further, the law adds new requirements when managing service providers and will require contracts to transfer (or ”sell”) personal information to third parties. In implementing new requirements, business will need to take particular care to consider the impact of the law on information passively collected or processed by a website or identified with regard to a device, a focus of the regulator.
The CCPA’s limited exemptions related to employment and B2B context information are also expiring. With this development, California-resident employees and other individuals acting in commercial contexts will now have CCPA rights, and businesses will have to amend disclosures to cover this information. Otherwise, the CCPA’s exemptions remain intact.
The California Privacy Protection Agency, the new entity that has taken over rulemaking under the CCPA from the Attorney General, is working on updating the CCPA regulations. These regulations, when finalized, will impact notice content, the rules surrounding processing of consumer requests, and the circumstances under which businesses may process personal information secondary to the purposes for which it was collected. Businesses should monitor CPPA rulemaking efforts, as rules related to profiling opt outs and managing online opt-out signals are anticipated.
Virginia Speaks Up
In addition to big changes to the CCPA, Virginia’s new data law also became effective on Jan. 1. That law, the Virginia Consumer Data Privacy Act (VCDPA), applies to businesses that control or process personal data on at least 100,000 Virginia residents in a year, or that control or process personal data on at least 25,000 Virginia residents in a year where they derive over 50% of their gross revenue from the sale of personal data. The law comes with similar (but not identical) exemptions to the CCPA. One distinction to note for Virginia is that, in contract to the CCPA, the VCDPA exempts not only personal data subject to the Gramm-Leach-Bliley Act (GLBA) but also ”financial institutions” as defined by the GLBA. Additionally, unlike the CCPA, the VCDPA does not apply to personal data in employment or commercial contexts.
The VCDPA comes with many of the same consumer rights and business requirements as the CCPA, but with a few new and different obligations to note:
Consumers in Virginia will have the right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer. Here, ”profiling” means the automated processing of personal data to evaluate, analyze, or predict personal aspects related to an identified or identifiable natural person’s economic situation, health, personal preferences, interests, reliability, behavior, location, or movements.
Businesses will have to obtain optin consent to process sensitive personal information, not just extend an opt-out right.
Consumers will have the right to appeal denials of consumer rights.
Businesses will have to conduct and document data protection assessments when engaging in certain data activities, like selling data, processing personal data for targeted advertising, engaging in profiling, or any other activity that presents a heightened risk of harm to consumers. These assessments are required to identify and weigh benefits and risks - to the business, the consumer, other stakeholders, and the public - related to the proposed data processing activity, as well as whether risks may be appropriately mitigated by safeguards. Assessments must be written and may be demanded by the Virginia Attorney General as related to an investigation.
Consumer data privacy compliance will continue to be an ongoing effort in 2023, as the consumer data privacy landscape continues to evolve through new laws and regulations.
Laws in Colorado, Connecticut, and Utah are set to take effect later in 2023, and Colorado is currently engaged in rulemaking efforts related to its law. More states will consider next year broad privacy legislation, as well as more targeted proposals, like those related to biometric information, geolocation information, and website information. The FTC is considering broad privacy and data security rulemaking, the CFPB is working on implementing consumer rights to personal financial records under section 1033 of the Dodd-Frank Act, and debate about federal privacy legislation will likely start back up in the new Congress.
Amidst the changing landscape, businesses are strongly encouraged to keep data inventory and mapping efforts up to date and consider the risks - in opportunities - that come out of data collection and processing.
Webb is a partner in the firm’s Washington, DC office. Webb advises a range of financial institutions, consumer reporting agencies, technology and information companies, and others on compliance with data use and privacy laws.
Blend Announces Strategic And Financial Initiatives To Achieve Path To Profitability
Blend announced a series of specific initiatives that support its previously communicated plan to accelerate its path to profitability.
The initiatives announced today aim to right-size the Company’s cost structure, focus its investments on the highest potential growth opportunities, and realign its leadership to drive the Company’s transition from a product company to a platform company. Specifically, they include:
A 28% reduction in Blend’s onshore employee base impacting Blend Title and corporate operations in R&D, sales and marketing and general and administrative functions. This latest reduction in force and prior savings initiatives are expected to reduce Blend’s annualized cost of revenue and operating expenses by over $100 million in the aggregate on a non-GAAP basis exiting calendar 2023 relative to the third quarter of 2022.
Implementation of planned enhancements to Blend’s goto-market and investment strategies designed to enhance the Company’s product suite, revenue models and gross margins, including:
Allocating an increased portion of operating expenses into Blend Builder, the Company’s configurable software platform, which carries a subscription fee on top of success based transaction fees. This platform is already the foundation of Blend’s non-mortgage offerings, and over time will give mortgage lenders the flexibility and power they need to differentiate from their competitors.
And for Blend’s large mortgage customer base, focusing on helping lenders be even more efficient by implementing the large backlog of features built over the past several years, including Loan Officer Toolkit, Self-serve Prequalification, Blend Income, and Blend Close.
In his role as director of risk quantification, Whitsitt will help inform product direction and lead the new professional services division tasked with getting customers off the ground with risk quantification while avoiding or mitigating common pitfalls.
FinLocker is proud to have the opportunity to private-label the FinLocker mobile applications for Family First Funding and MLB Residential Lending to provide the residents of their communities with financial education and a path to homeownership,” said Brian Vieaux, president and chief operating officer, FinLocker.
Justin Demola, CMB, president, Lenders One, said, “The FinLocker powered private-labeled apps for Family First Funding and MLB Residential Lending will provide prospective homebuyers with the financial education and resources to help them build and monitor their credit and make informed financial decisions while keeping them connected to their lender until they are ready to buy a home.”
Half Of Closings Exposed To Higher Risk
FundingShield’s Q3 2022 Wire & Title Fraud Risk report shared that close to half of the closings it monitored were exposed to higher risk ranging from documentation, compliance, license and background issues leading to vulnerabilities of fraud. Increased cyber security related risks, data breaches, a more challenging real estate finance market resulted in client growth of 63.5% during 2022 while much of the mortgage technology ecosystem is dealing with sizeable double-digit decline in revenues. The firm secured approximately $55 Billion per month on average for $670bn secured in 2022 total.
CEO Ike Suri shared, “The mortgage industry is going through headwinds, and we empathize with our clients going through low volumes, however fraud has only risen as it has an inverse relationship. Cyber security prevention tools and risk automation has helped our clients’ right size while maintaining compliance, review and risk management workflows in this challenged market. The risks are pervasive thus the solutions being leveraged allow clients to save up to $200 per transaction. Our strategic partnerships continue to grow in addition to our partnership with Ice Mortgage technology where we provide a single-click, safe, secure and seamless cyber security and compliance solution out of the box.”
The “Home Hero” app for Family First Funding and the “Secure Home” app for MLB Residential Lending, powered by FinLocker, will support each company’s consumers to achieve a financially stable future with homeownership as the anchor to building wealth by using FinLocker:
Tools to improve their credit score and monitor their credit report, manage their finances, create savings goals and budget to pay down debt and save for a down payment, Personalized journeys to guide them toward mortgage eligibility and sustain homeownership, and
Educational resources to manage credit and credit cards, prepare for the mortgage process, sustain homeownership, and plan for college and retirement.
Ostrich Cyber-Risk Hires
Fannie Mae Cyber Expert
Ostrich Cyber-Risk, a unified cyber risk management company, announced the hire of risk quantification expert Jack Whitsitt, appointed director of risk quantification, to elevate and expand the CRQ offerings of Ostrich CyberRisk and its new professional services division.
Whitsitt joins Ostrich Cyber-Risk most recently from Freddie Mac, where he served as the Information Security Risk Quantification Program Architect, with prior positions held at Bank of America and the Department of Homeland Security.
Whitsitt is a leader in the CRQ community with more than two decades of information security specific experience and has spent the past six years advancing the state of the art by expanding and refining existing CRQ, including Open FAIR, into targeted best practices.
FinLocker
Creates Financial Fitness Apps For Family First Funding And MLB Residential Lending
FinLocker has partnered with two community-focused mortgage lenders, Family First Funding and MLB Residential Lending, to create financial fitness apps that guide prospective homebuyers to achieve mortgage eligibility and sustain homeownership. This partnership comes two months after Lenders One Cooperative, a national alliance of over 240 independent mortgage bankers, announced the opening of its first three Walmart in-store branches in Newton and Boonton, New Jersey, and Orlando, Florida, with the mortgage lenders.
“As a preferred partner in the Lenders One cooperative,
OrangeGrid Enables Mortgage Servicers to Manage Entire Vendor Supply Chain
OrangeGrid, a provider of mortgage servicing software, announces it has released a new environment, GridSource, that connects all vendor types to its default suite of products included in their mortgage servicing platform.
GridSource simplifies vendor management processes, offers additional oversight of vendor’s task load to ensure they are completing assigned tasks on schedule, and provides easy access to archived data and documents submitted by vendors in a single environment. Due to OrangeGrid’s unique architecture, there is no limit to the vendor types that can be added. The current list of vendor types already includes property preservation and inspection companies, valuation providers, law firms, real estate brokers, and title companies.
Vendors have their own logins where they can review open tasks and outstanding items via workflow queues. Becoming a GridSource vendor is on an invite-only basis based on client requirements, but once a part of the OrangeGrid vendor marketplace they can be easily added to other existing client processes.
“GridSource offers mortgage servicers greater insight and control in the way they manage their relationships with vendors, which provides enhanced collaboration and coordination of activities with each other.” Said Todd Mobraten, CEO and founder of OrangeGrid. “Our customers create operational foundations via OrangeGrid’s product suite and are seeing even more data centralization and process optimization by bringing in their vendors.”
Scott L. Luna Partner
sluna@ravdocs.com
469-730-4607
Scott Luna’s practice is focused on real estate law with an emphasis on mortgage document preparation and land title issues. Scott managed a successful multistate highvolume title and document preparation business for over 20 years before joining RAV and is recognized throughout the real estate legal community for his expertise. As a past President of the Oklahoma Land Title Association, Scott’s ongoing involvement in the industry adds to his wealth of title-related knowledge. Scott received his Juris Doctor degree from the University of Tulsa College of Law in 1991 after receiving his Bachelor of Science degree from Texas A&M University. Scott is currently licensed in Texas, Oklahoma, Missouri, Minnesota, Nebraska, and Kentucky.
Mitchel H. Kider Managing Partner
kider@thewbkfirm.com
202-557-3511
Mitch Kider is the Chairman and Managing Partner of Weiner Brodsky Kider PC, a national law firm specializing in the representation of financial institutions, residential homebuilders, and real estate settlement service providers. Mitch represents banks, mortgage companies, homebuilders, credit card issuers, and other financial service companies in a broad range of litigation and regulatory and compliance matters. He defends clients in investigations and enforcement actions before the Consumer Financial Protection Bureau, Department of Housing and Urban Development, Department of Justice, Department of Veterans Affairs, Federal Trade Commission, Fannie Mae, Freddie Mac, Ginnie Mae, and various state and local regulatory authorities and Attorneys General offices. In addition, Mitch acts as outside general counsel to smaller companies and special regulatory and litigation counsel to Fortune 500 companies.
