Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
According to sources, some insurers are considering adding biometric exclusions to their insurance policies as privacy lawsuits increase. An article on the recent evolution of biometric privacy lawsuits noted an apparent increase in class actions claiming violations of the Illinois Biometric Information Privacy Act (BIPA), as “more courts began ruling that individuals need not show actual injury to allege BIPA violations.” The article explained that insurance carriers now “argue that general liability policies, with their lower premiums and face values, don’t insure data privacy lawsuits and can’t support potentially huge BIPA class action awards and settlements.” This issue is poised to become increasingly important to carriers and policyholders as additional states seek to regulate biometric privacy. The article noted that in the first quarter of 2022, seven states (California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York) introduced biometric laws generally based on Illinois’ BIPA. Texas and Washington also have biometric laws, but without a private right of action.
On June 28, the U.S. District Court for the District of South Carolina ruled that it will apply Massachusetts law to negligence claims in a putative class action concerning a cloud-based services provider’s allegedly lax data-security practices. The plaintiffs claimed that the defendant’s “security program was inadequate and that the security risks associated with the Personal Information went unmitigated, allowing  cybercriminals to gain access.” During discovery, the defendant (headquartered in South Carolina) stated that its U.S. data centers are located in Massachusetts, Texas, California, and New Jersey, and that the particular servers that housed the plaintiffs’ data (and were the initial entry point for the ransomware attack) are physically located in Massachusetts. While both parties stipulated to the application of South Carolina choice-of-law principles generally, the plaintiffs specifically requested that South Carolina law be applied to their common law claims of negligence, negligence per se, and invasion of privacy since it was the state where defendant executives made the cybersecurity-related decisions that allegedly allowed the data breach to occur. However, the defendant countered that the law of each state where a plaintiff resides should apply to that specific plaintiff’s common law tort claims because the “damages were felt in their respective home states.” Both parties presented an alternative argument that if the court found the primary choice-of-law theory to be unfounded, then Massachusetts law would be appropriate as “Massachusetts was the state where the last act necessary took place because that is where the data servers were housed.”
In determining which state’s common-law principles apply, the court stated that even if some of the cybersecurity decisions were made in South Carolina, the personal information was stored on servers in Massachusetts. Moreover, the “alleged decisions made in South Carolina may have contributed to the breach, but they were not the last act necessary to establish the cause of action,” the court wrote, noting that in order for the defendant to be potentially liable, the data servers would need to be breached. The court further concluded that “South Carolina’s choice of law rules dictate that where an injury occurs, not where the result of the injury is felt or discovered is the proper standard to determine the last act necessary to complete the tort.” As such, the court stated that Massachusetts law will apply as that is where the data breach occurred.
On June 24, the U.S. District Court for the Central District of California granted final approval of a $2.5 million class action settlement resolving claims that an auto dealer group and marketing director (collectively, “defendants”) violated the TCPA by sending “prerecorded telemarketing messages” to consumers’ cell phones without receiving consumers’ express written consent. According to the second amended complaint, the plaintiff sued the defendants after he allegedly received unsolicited prerecorded text messages advertising one of the auto group’s dealerships. Under the terms of the agreement, class members (comprised of consumers who were sent prerecorded messages from the defendants, auto dealerships managed by the defendant, or anyone acting on the defendant’s behalf, including employees, agents, third-party contractors, and sub-contractors) will receive a portion of the $2.5 million settlement. The settlement amount also provides for up to $625,700 in attorneys’ fees, nearly $12,600 for costs, and $125,000 for the settlement administrator. The class representative will be given a $5,000 service award. Additionally, the defendants and dealerships are required to “adopt policies and procedures regarding compliance with the TCPA and the National Do Not Call Registry.”
On June 24, the U.S. District Court for the Eastern District of New York granted final approval of a $38.5 million settlement in a class action against a national gas service company and other gas companies (collectively, defendants) for allegedly violating the TCPA in connection with calls made to cell phones. As previously covered by InfoBytes, the plaintiff’s memorandum of law requested preliminary approval of the class action settlement. The settlement establishes a settlement class of all U.S. residents who “from March 9, 2011 until October 29, 2021, received a telephone call on a cellular telephone using a prerecorded message or artificial voice” regarding several topics including: (i) the payment or status of bills; (ii) an “important matter” regarding current or past bills and other related issues; and (iii) a disconnect notice concerning a current or past utility account. Under the terms of the settlement, the defendants will provide monetary relief to claiming class members in an estimated amount between $50 and $150. The settlement will additionally require the companies to implement new training programs and procedures to prevent any future TCPA violations. The settlement permits counsel for the proposed class to seek up to 33 percent of the settlement fund to cover attorney fees and expenses.
On June 23, the U.S. District Court for the Northern District of Illinois granted a defendant’s motion for summary judgment, ruling that dunning emails sent to collect unpaid credit card debt did not violate the FDCPA. The plaintiff received an email from the defendant stating that it was attempting to collect the debt on behalf of the creditor, and that due to the age of her debt, the creditor could not sue her for it. While the email stated that “making a payment on a time-barred debt has the potential to restart the statute of limitations for suit on the debt,” it went on to say that it was the creditor’s policy “never to file suit on a debt after the original statute of limitations has expired” and that it never sells such debt. A few days later, the defendant sent the plaintiff an email attempting to collect a separate debt owed to a different creditor. The plaintiff’s attorney sent a letter informing the defendant that she represented plaintiff and requested that plaintiff not be contacted again. After the plaintiff received a third email from the defendant, she sued alleging the defendant violated Section 1692e by urging her to pay a debt without disclosing that the defendant could not sue or report the debt. She further alleged that the defendant violated the FDCPA by continuing to send communications even after the defendant knew she was represented by an attorney. The plaintiff argued that she suffered an injury—and had standing—because she refrained from making purchases and because the defendant had wasted her time.
The court disagreed, writing that the plaintiff failed to put forth evidence demonstrating some form of financial harm in order to have Article III standing. The court observed that “[o]ne does not suffer a monetary injury by refraining from making a purchase; one still has her money if she refrains from making a purchase. Paying too much for an item constitutes an economic injury but refraining from paying for an item does not. At best, plaintiff’s action might have left her with a feeling of want or desire, but such feelings are not concrete injuries.” Moreover, “[e]ven if plaintiff could be thought to have suffered an injury, her decision to refrain from any particular purchase is not fairly traceable to defendant,” the court wrote. And though the court found standing on her claim related to defendant’s continued contact, the court held that “Section 1692c(a)(2) applies only where the debt collector knows the consumer is represented by an attorney with respect to the specific debt being collected.” The defendant needed to be informed that the attorney was representing the plaintiff on both creditors’ debts for the third email to be a violation of the FDCPA, the court concluded.
On June 21, the U.S. District Court for the Western District of North Carolina granted a defendant’s motion for judgment on the pleadings in an FDCPA case concerning dispute responses over a debt. According to the order, the defendants—who represented a bank—sent a letter to the plaintiff attempting to collect an unpaid credit card debt. The letter included information about the creditor, the outstanding balance, and a validation notice. The plaintiff disputed the debt and requested validation of charges, payments, and credits on the account. The defendants responded with another letter, providing information about the original creditor and the balance of the unpaid debt. The plaintiff then sent another letter to the defendants requesting the original account agreement, all original account level documentation, and a “wet ink signature of the contractual obligation.” The defendants filed a collection suit against the plaintiff. The plaintiff filed suit in response, alleging the collection lawsuit violated the FDCPA and North Carolina state law because it “unjustly” condemned and vilified plaintiff for his non-payment of the alleged debt.
The court found that the “[p]laintiff’s allegations misconstrue the obligations of the debt collector in verifying the debt.” The court also noted that the FDCPA did not require the defendants provide “account level documentation,” stating that “[v]erification only requires a showing that the amount demanded ‘is what the creditor is claiming is owed,’ not conclusive proof of the debt.”
On June 17, the U.S. District Court for the Southern District of California granted final approval of a class action settlement resolving claims that a hospitality company violated the FCRA and various California laws. According to the order, plaintiffs filed a putative class action alleging that the company violated the FCRA by failing to make proper disclosures and obtain proper authorization during its hiring process. Additionally, the plaintiffs claimed that the company’s background check forms were allegedly defective because they “contained information for multiple states for whom background checks were run” in violation of California’s Investigative Consumer Reporting Agencies Act and other California laws. Under the terms of the settlement, the defendant will pay nearly $1.4 million, of which class members will receive $821,714 in total ($63.29 per class member), $10,127 will go towards settlement administration costs, $349,392 will cover attorneys’ fees, and $5,000 will be paid to each of the two named plaintiffs.
On June 16, the U.S. Court of Appeals for the Fifth Circuit held that a plaintiff borrower’s requested damages in a foreclosure lawsuit did not exceed the federal jurisdictional threshold amount of $75,000, and sent the case back to Texas state court. The plaintiff sued the financial institution in state court after it sought a nonjudicial foreclosure on his house, asserting violations of the Texas Debt Collection Act, breach of the common-law duty of cooperation, fraud, and negligent misrepresentation. The suit was removed to the U.S. District Court for the Northern District of Texas, with the defendant arguing that the suit automatically stayed its nonjudicial foreclosure sale, thus putting the value of the house ($427,662) as the amount in dispute, instead of the plaintiff’s requested relief of $74,500. The plaintiff moved to remand the case to state court on the premise “that the amount in controversy could not exceed the stipulated maximum of $74,500.” The district court denied the plaintiff’s motion, ruling that it “had to measure the amount in controversy ‘by the value of the object of the litigation,’” and not by what the plaintiff’s complaint says the damages were not to exceed.
In reversing and remanding the case to state court, the 5th Circuit concluded that, because the defendant did not show that the automatic stay brought the house’s value into controversy, it “failed to establish by a preponderance of the evidence that the amount in controversy exceeded $75,000.” The appellate court agreed with the plaintiff’s assertion that the house was simply collateral and “thus irrelevant to the amount in controversy,” writing that “[i]t is well-settled that neither the collateral effect of a suit nor the collateral effect of a judgment may count toward the amount in controversy.” The 5th Circuit also determined that the plaintiff expressly stipulated in both his original state-court petition and in a declaration “that he is seeking total damages not to exceed $74,500,” and that this stipulation is legally binding.
On June 10, the U.S. District Court for the Western District of Pennsylvania certified a putative class action against an online apparel company related to alleged violations of the Americans with Disabilities Act (ADA). The plaintiff claimed that he was unable to access the defendant’s website because the website did not facilitate access to customers using screen readers or other auxiliary aids. This lack of access made the website not fully accessible to individuals who are blind or visually impaired—a “violation of the effective communications and equal access requirements of Title III” of the ADA. The plaintiff sued, seeking to include a class of similarly situated blind and visually impaired individuals who use screen readers or other auxiliary aids to access the defendant’s website and/or mobile app. According to the plaintiff, the defendant failed to have in place adequate policies and practices to ensure its website was fully accessible, and that, although the defendant maintains a single brick-and-mortar location, most of its sales are digital. In certifying the class, the court determined, among other things, that the defendant’s “website and other digital properties affected all members of the class, and thus the class as a whole shares the same interest in obtaining the injunctive relief provided by the settlement—prospective changes to [defendant’s] digital properties.” The court also preliminarily approved the proposed class action settlement, which requires, among other things, that the defendant make several changes to its policies and procedures to ensure accessibility of its digital properties and to make sure it complies with the Web Content Accessibility Guidelines 2.1.
On June 14, the California Court of Appeal for the Second Appellate District reversed a trial court’s decision staying a suit against a lender and its loan payment processor (collectively, “defendants”) and enforcing a Delaware forum selection clause. The appeals court held that the plaintiff borrower’s unwaivable right to a jury trial under California law could be violated if the case proceeded in Delaware. According to the opinion, the plaintiff obtained $2.275 million in loans secured by bitcoin from the lender (a Delaware LLC that is licensed and regulated by California’s Department of Financial Protection and Innovation). When the value of bitcoin dropped, the lender sold the plaintiff’s bitcoin under the terms of the governing loan agreements. The plaintiff sued, “seeking, among other things, damages, return of his bitcoin, and cancellation of the loan agreements.” The defendants moved to stay the case because the Delaware forum selection clause required the case to be litigated in Delaware. The plaintiff countered that transferring the case to Delaware would “substantially diminish” his unwaivable rights under California law. The trial court eventually concluded that transferring the case to Delaware would not diminish the plaintiff’s rights and granted the stay pending litigation in Delaware. The trial court also stayed a second suit brought by the plaintiff alleging violations of California’s Unfair Competition Law and False Advertising Law, holding that the second suit involved the same primary rights as the first suit.
In reviewing the consolidated cases, the appeals court determined, among other things, that the Delaware forum selection clause in this case contains a predispute jury waiver. “Because California has a fundamental policy against such a waiver, Defendants carry the burden of proving that Delaware would not diminish this important right,” the appeals court wrote, adding that under Delaware law “contractual provisions that waive the contracting parties’ right to trial by jury have been upheld, and relevant case law provides insufficient assurance that Delaware courts will apply California’s important public policy to this dispute.” Additionally, the appeals court concluded that the defendants’ proposed “offer to stipulate that the Delaware court should apply California law” provides “little assurance that a Delaware court would enforce such a stipulation under the facts present here.”
- Jedd R. Bellman to discuss “The CFPB’s crackdown on collection junk fees and the growing anti-CFPB rhetoric” at an Accounts Recovery webinar
- Benjamin W. Hutten to discuss “Latest on AML regulations and impact of economic sanctions” at a Mortgage Bankers Association webinar
- Benjamin W. Hutten to discuss “Fundamentals of financial crime compliance” at the Practicing Law Institute
- Benjamin W. Hutten to discuss “Ongoing CDD: Operational considerations” at NAFCU’s Regulatory Compliance & BSA Seminar