InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Upromise Settles with FTC Over Collection of Consumers' Personal Information
On January 5, the FTC announced that Upromise had agreed to settle charges that its collection of consumers’ personal information was deceptive and an unfair practice, and that the collection violated federal law. Upromise’s website offered consumers a “TurboSaver Toolbar” download with a “Personalized Offers” feature to tailor savings opportunities to the consumer. The FTC alleged that the feature collected and transmitted, without encryption, the names of websites consumers visited, which links they clicked on, and information entered into webpages such as search terms, user names, and passwords. According to the FTC, the information collected also included credit card and financial account numbers, security codes and expiration dates, and Social Security numbers. Upromise’s privacy statement, however, stated that (i) the toolbar would only infrequently and inadvertently collect personal identifying information, (ii) personal information would be removed before the data was transmitted, and (iii) Upromise automatically encrypts users’ sensitive information. The proposed settlement requires in part that Upromise (i) destroy data collected, (ii) update its disclosures, (iii) notify consumers regarding the type of information collected and how to disable the toolbar, and (iv) obtain a biennial independent audit for the next twenty years. The proposed settlement is open for public comment through February 6.
CFPB Releases Mortgage Origination Exam Procedures
On January 11, the CFPB took its first action to implement its nonbank supervision program by releasing the procedures it will use in examining all bank and nonbank mortgage originators. The Mortgage Origination Examination Procedures describe the types of information examiners will collect to (i) evaluate policies and procedures, (ii) assess compliance with applicable consumer financial services law, and (iii) identify risks to consumers throughout the mortgage origination process. CFPB mortgage origination exams will focus on specific products and will cover one or more of the following modules: (i) company business model; (ii) advertising and marketing; (iii) loan disclosures and terms; (iv) underwriting, appraisals, and originator compensation; (v) closing; (vi) fair lending; and (vii) privacy. These newly released procedures are an extension of the Supervision and Examination Manual the CFPB released in October 2011 (see BuckleySandler Special Alert, October 17, 2011).
California Federal Court Dismisses Lawsuit After Finding Adequate Disclosures Regarding Online Discount Program
On April 11, the U.S. District Court for the Southern District of California dismissed claims against an online discount program and online movie ticketing website that the defendants deceptively enrolled the plaintiff into a costly program. Berry v. Webloyalty.com, Inc., et al., No. 10-1358, 2011 WL 1375665 (S.D. Cal. Apr. 11, 2011). Plaintiff alleged that, while purchasing movie tickets online, he clicked on an advertisement promising discounted movie tickets and, after later providing his email address, unwittingly enrolled in a "savings club" that began charging a monthly fee. The court dismissed plaintiff’s claims of misrepresentation, unfair competition, false advertising, and invasion of privacy on the ground that multiple disclosures in the advertisement (which plaintiff did not read) adequately disclosed the terms and conditions of membership in the savings club, including the monthly fee.
New Hampshire Enacts Bills Relating to Health Data Privacy
On August 7, New Hampshire Governor John Lynch signed into law H.B. 542, which primarily addresses health privacy issues. The new law (i) authorizes health care providers to disclose an individual’s protected health information to health information exchanges, and (ii) allows individuals to opt out of sharing their protected health care information through health information exchanges. The operative provisions of the new law become effective January 1, 2010.