Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • California Federal Court Dismisses Data Loss Class Action Because No Immediate Harm Exists

    Fintech

    On January 20, the U.S. District Court for the Eastern District of California dismissed a putative class action brought on behalf of California residents against a company that lost multiple server drives containing personal and medical information. Whitaker v. Health Net of Cal., Inc. No. 11-910, 2012 WL 174961 (E.D. Cal. Jan. 20, 2012). The named plaintiff alleged that the loss of the drives and personal information violated California’s Confidentiality of Medical Information Act. Relying on Ninth Circuit decisions in Krottner v. Starbucks Corp., 628 F.3d 1139 (9th Cir. 2010) and Ruiz v. Gap Inc., No. 09-15971, 380 F. Appx. 689 (9th Cir. May 28, 2010), the plaintiff argued that the threat of harm naturally stems from a loss of data alone. The court held, however, that there is a difference between theft and loss of data. Unlike those prior cases in which personal data was obtained by hacking or data breach, loss of data does not present any actual or immediate harm, only conjectural or hypothetical harm. The court held that the plaintiff lacked standing and dismissed the case with leave to amend because the possibility of harm is not sufficient to meet the constitutional injury-in-fact standard.

    Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • CFPB Finalizes Amendments to Remittance Transfer Rules (Regulation E)

    Fintech

    On January 20, the CFPB issued a final rule to amend regulations applicable to consumer remittance transfers of over fifteen dollars originating in the United States and sent internationally. Generally, the final rule requires remittance transfer providers to (i) provide written pre-payment disclosures of the exchange rates and fees associated with a transfer of funds, as well as the amount of funds the recipient will receive, and (ii) investigate consumer disputes and remedy errors. The rulemaking stems from a Dodd-Frank Act provision that expanded the scope of the Electronic Fund Transfer Act to cover international money transfers, and concludes an effort started by the Federal Reserve Board (FRB) that was transferred to the CFPB last year. The final rule closely tracks the proposed FRB rule, but among other things, provides (i) a thirty-minute cancellation period for consumers, as opposed to the proposed one-day period, (ii) additional compliance guidance for specific circumstances, including for transactions conducted by mobile applications, and (iii) revised model disclosure forms. Concurrent with the final rule, the CFPB issued a request for comment on additional revisions to the regulations, including comments and information for use in (i) setting a specific safe harbor for remittance transfer providers that do not provide such services “in the normal course of business”, and (ii) applying the new disclosure and cancellation requirements in cases where the request is made several days in advance of the transfer date. Comments on the proposal will be accepted for sixty days following publication in the Federal Register.

    CFPB Dodd-Frank

    Share page with AddThis
  • Upromise Settles with FTC Over Collection of Consumers' Personal Information

    Fintech

    On January 5, the FTC announced that Upromise had agreed to settle charges that its collection of consumers’ personal information was deceptive and an unfair practice, and that the collection violated federal law. Upromise’s website offered consumers a “TurboSaver Toolbar” download with a “Personalized Offers” feature to tailor savings opportunities to the consumer. The FTC alleged that the feature collected and transmitted, without encryption, the names of websites consumers visited, which links they clicked on, and information entered into webpages such as search terms, user names, and passwords. According to the FTC, the information collected also included credit card and financial account numbers, security codes and expiration dates, and Social Security numbers. Upromise’s privacy statement, however, stated that (i) the toolbar would only infrequently and inadvertently collect personal identifying information, (ii) personal information would be removed before the data was transmitted, and (iii) Upromise automatically encrypts users’ sensitive information. The proposed settlement requires in part that Upromise (i) destroy data collected, (ii) update its disclosures, (iii) notify consumers regarding the type of information collected and how to disable the toolbar, and (iv) obtain a biennial independent audit for the next twenty years. The proposed settlement is open for public comment through February 6.

    FTC Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • U.S. Supreme Court Rules Credit Repair Organizations Act Does Not Override Arbitration Agreements

    Fintech

    On January 10, the U.S. Supreme Court ruled (8-1) that the Credit Repair Organizations Act (CROA) does not override the Federal Arbitration Act’s (FAA) broad requirement that arbitration agreements be enforced according to their terms. CompuCredit Corp. v. Greenwood, No. 10-948, 2012 WL 43514 (Jan. 10, 2012). This case involves a proposed class of consumers alleging CompuCredit violated the CROA when it marketed and provided a no-deposit credit card to consumers with poor credit and then charged fees against the credit limit. CompuCredit sought to compel arbitration to enforce the terms of the card agreement, which mandated individual arbitration of disputes. The district court and Ninth Circuit both sided with the proposed class, finding the arbitration clause in conflict with the CROA’s “right to sue” provision and therefore void. On appeal, the consumer respondents urged the Supreme Court to follow the Ninth Circuit and hold that because the CROA requires a disclosure that a consumer has the right to sue a violating credit repair organization, and because the CROA prohibits waiver of any right given under the CROA, the right to file suit cannot be waived by an arbitration agreement. The Supreme Court rejected the Ninth Circuit’s line of reasoning and reversed, holding instead that (i) the FAA establishes a liberal policy requiring enforcement of arbitration agreements according to their terms, (ii) the CROA is silent on arbitration and its disclosure provisions do not create a right to sue that overrides the broad FAA mandate, and (iii) Congress could have specifically prohibited arbitration provisions in the CROA.

    Credit Cards Arbitration U.S. Supreme Court CROA

    Share page with AddThis
  • Washington District Court Rules ISP Contract Terms Were Not Reasonably Conspicuous

    Fintech

    On January 3, the U.S. District Court for the Western District of Washington denied an Internet service provider’s (ISP) motion to compel arbitration, holding in part that the ISP’s terms of service agreement containing the arbitration clause was not reasonably conspicuous. Kwan v. Clearwire Corp., No. C09-1392JLR, 2012 WL 32380 (W.D. Wash. Jan. 3, 2012). In this case, plaintiffs filed suit on behalf of a putative class against an ISP and its debt-collection vendors for violations of federal and state consumer-protection laws based on the defendants’ repeated attempts to collect payments the ISP claimed it was due under mobile Internet service contracts. The ISP moved to compel arbitration, asserting (i) that its customers are required to acknowledge and agree to certain terms of service, including an agreement to arbitrate disputes, before using the ISP’s services (i.e., a so-called “clickwrap agreement”); and (ii) that the ISP sent to customers order-confirmation e-mails that also included a link to the terms of service (i.e., a so-called “browsewrap agreement”).

    Relying on the Second Circuit’s analysis in Specht v. Netscape Comms. Corp., 605 F.3d 17 (2nd Cir. 2002), the court identified as the central issue whether the consumer had notice of and access to the terms and conditions of the contract prior to the conduct that allegedly indicated the consumer’s assent. With regard to the confirmation e-mail, the court found that the e-mail did not contain a direct link to the terms of service but rather a link to the ISP’s homepage that provided subsequent links to the terms of service. Further, the link that was provided in the confirmation e-mail did not appear until the third page of the e-mail. Thus, the court held that access to the terms of service did not constitute sufficient or reasonably conspicuous notice of those terms. However, the court also held that the consumers’ acceptance of terms through the clickwrap agreement would have bound them to the terms of service and the arbitration clause, but that issues of fact exist as to whether the named plaintiffs actually clicked to accept the terms. The court deferred resolution of those issues for a factual hearing, as well as a decision on whether a consumer who specifically declines to accept the terms of service is still bound by those terms by virtue of simply accessing the terms of service.

    Arbitration

    Share page with AddThis
  • FTC Obtains Agreement from Payment Processor to Prohibit Use of New Payment Method

    Fintech

    On January 5, the FTC announced a settlement with a payment processor and two of its principals that will prohibit the company from using a new payment method, through which accounts were debited without account-holder consent. The FTC alleged that the company actively promoted the method as a way to avoid scrutiny associated with other payment methods, and ignored red flags - such as payment-rejection rates exceeding 80 percent - that its merchant customers were seeking to defraud account-holders. As a result, according to the FTC, consumers incurred significant costs, including for overdraft fees. In addition to banning the use of this payment process, the settlement requires, among other things, that the company monitor client return rates and investigate rates exceeding 2.5 percent.

    FTC Payment Systems

    Share page with AddThis

Pages