InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court grants preliminary approval of class action in robocall suit
On September 28, the U.S. District Court for the District of Utah granted preliminary approval of a TCPA class action settlement with a digital finance company. According to the plaintiff’s unopposed motion for preliminary approval, the plaintiff alleged that the defendant sent unwanted phone calls to approximately 64,845 unique cellular telephone numbers. The plaintiff’s motion noted that the district court granted, in part, the plaintiff’s motion for class certification and appointment of class counsel, and certified that the class consists of: “[a]ll persons throughout the U.S. (1) to whom [defendant] placed, or caused to be placed, a call, (2) directed to a number assigned to a cellular telephone service, but not assigned to a current or former [defendant] accountholder, (3) in connection with which [defendant] used an artificial or prerecorded voice, (4) from September 1, 2019 through September 21, 2021.” The Tenth Circuit Court of Appeals denied the defendant’s petition for permission to appeal the court’s order certifying the class. After that, the district court approved Plaintiff’s Rule 23(c)(2) class notice plan. After more than two years of “vigorously contested litigation, and as a result of extensive arm’s-length negotiations” the parties agreed to resolve this matter on behalf of a settlement class. The order further noted that the parties’ agreement “calls for the creation of a non-reversionary, all-cash common fund in the amount of $5 million, from which participating settlement class members will receive substantial payments.”
District Court grants preliminary approval of data breach class action
On October 3, the U.S. District Court for the Eastern District of Wisconsin granted preliminary approval of a data breach class action settlement. According to the plaintiff’s unopposed motion for preliminary approval, a ransomware attack on the company potentially allowed an unauthorized actor to access the personal information of approximately two million of the company’s patients, employees, employee beneficiaries, and other individuals from May 28, 2021 to June 4, 2021. The company announced the ransomware attack in a data breach notice sent to customers on June 24, 2021. The plaintiff filed her complaint alleging, among other things, that the company “failed to take adequate measures to protect her and other putative Class Members’ Personal Information and failed to disclose that [the company’s] systems were susceptible to a cyberattack.” After other plaintiffs filed suit, the plaintiffs moved to consolidate the actions and alleged several violations, including negligence and breach of implied contract. The settlement provides for a $3.7 million settlement fund. Each class member is eligible to submit a claim for two years of three-bureau credit monitoring and up to $1 million of insurance coverage for identity theft incidents. Additionally, class members can submit a claim for up to $10,000 in documented losses. The settlement also provides class members with lost time payment and cash fund payment options (in the alternative to all the foregoing settlement benefits).
District Court grants summary judgment in FCRA and FDCPA suit
On September 30, the District Court for the Northern District of New York granted a defendant’s motion for summary judgment in an FCRA and FDCPA suit. According to the order, the plaintiff allegedly discovered that the defendant communicated incorrect information regarding a debt to credit reporting agencies (CRAs) and subsequently began disputing the debt. The defendant confirmed that the tradeline was accurate and that the account had been paid in full. The plaintiff then sent letters to the different CRAs, the original creditor, and the defendant, claiming that the information being communicated was inaccurate. The plaintiff continued to receive responses indicating that the information being reported was accurate and that the account had been paid in full. The plaintiff then received a letter from a bank rejecting his application for a credit card on the basis that they had received negative information about the plaintiff’s credit from a credit reporting agency. The plaintiff claimed that the defendant violated the FCRA by failing to conduct a reasonable investigation, failing to review information provided by the CRAs, and failing to modify or delete information it could not verify as accurate. The court disagreed, finding that the defendant’s investigations were “reasonable under the circumstances,” given that the plaintiff’s disputes contained “various misleading descriptions that indicated” the debt was not the plaintiff’s, when he had admitted in other circumstances it was. Regarding the FDCPA claim, the court noted that “even if this information was false or inaccurate, there is no evidence whatsoever that it was communicated in connection with the collection of a debt.”
Arizona reaches $85 million settlement in location tracking suit
On October 4, the Arizona attorney general announced an $85 million settlement with an internet technology company to resolve allegations that it collected individuals’ location data for targeted advertising without users’ knowledge or consent or after users opted out of the feature through the platform’s settings. The AG initiated an investigation in 2018 into the company’s practices after sources claimed that the platform surreptitiously collected and sold location information through other settings even though users believed disabling the “Location History” setting would ensure this would not occur. The AG sued the company in 2020, claiming violations of the Arizona Consumer Fraud Act. Among other things, the AG alleged the company’s disclosures misled users into believing these other settings had nothing to do with tracking user location, and that the company used “deceptive and unfair practices to collect as much user information as possible” and made it difficult for users to understand what was being done with their data or opt out of data sharing. Without admitting any wrongdoing, the company agreed to the terms of the settlement agreement and will pay Arizona $85 million, of which the majority will go toward “education, broadband, and [i]nternet privacy efforts and purposes.”
White House proposes AI “Bill of Rights”
Recently, the Biden administration’s Office of Science and Technology Policy released a Blueprint for an AI Bill of Rights. The blueprint’s proposed framework identifies five principles for guiding the design, use, and deployment of automated systems to protect the public as the use of artificial intelligence grows. The principles center around topics related to stronger safety measures, such as (i) ensuring systems are safe and effective; (ii) implementing proactive protections against algorithmic discrimination; (iii) incorporating built-in privacy protections, including providing the public control over how data is used and ensuring that the data collection meets reasonable expectations and is necessary for the specific context in which it is being collected; (iv) providing notice and explanation as to how an automated system is being used, as well as the resulting outcomes; and (v) ensuring the public is able to opt out from automated systems in favor of a human alternative and has access to a person who can quickly help remedy problems. According to the announcement, the proposed framework’s principles should be incorporated into policies governing systems with “the potential to meaningfully impact” an individual or community’s rights or access to resources and services related to education, housing, credit, employment, health care, government benefits, and financial services, among others.
FHA seeks to increase small balance mortgages
On October 4, FHA announced a request for information (RFI) seeking input on ways to facilitate greater origination of small balance mortgages for FHA insurance. FHA will use feedback received in response to the RFI to help identify barriers to the origination of small mortgages in its program. The agency will also consider the development of policies and programs to better support and expand affordable homeownership opportunities in underserved markets with lower housing prices and to close the racial homeownership gap. According to the announcement, the RFI seeks input on topics related to “the current availability of small mortgage financing, barriers and disincentives to small mortgage lending transactions, changes to policies or processes that would encourage origination of more FHA-insured small balance mortgages, and considerations regarding liquidity provided through securitization.” Comments on the RFI are due December 5.
In conjunction with the RFI, HUD released a report assessing factors that limit the supply of small mortgage loans and highlighting challenges facing borrowers who need loans to purchase lower-priced homes. The report, titled Financing Lower-Priced Homes: Small Mortgage Loans, found that mortgage loans having an original principal obligation of $70,000 or less represent less than 3.5 percent of originations in 2020. Many of these loans secure properties valued at more than $70,000—an indication that the purchases included substantial down payments, HUD said. Among other things, the report also found that FHA disproportionately insures loans for lower-priced homes compared to the rest of the mortgage market and has loan insurance programs for financing property improvements and manufactured homes that are particularly targeted to lower loan amounts. Additionally, the report flagged the fixed costs of loan origination and servicing as a significant barrier to small mortgage lending, noting that this makes small mortgage loans less profitable and may necessitate additional incentives for lenders, such as reducing costs or providing additional lender or loan originator compensation.
Fed announces pilot climate scenario analysis for large banks
On September 29, the Federal Reserve Board announced that six of the nation’s largest banks will participate in a pilot climate scenario analysis exercise intended to enhance the ability of supervisors and firms to measure and manage climate-related financial risks. The Fed noted that the scenario analysis, in which the resilience of banks is assessed under different hypothetical climate scenarios, is an emerging tool for assessing climate-related financial risks. The Fed further noted that the process is exploratory in nature and that “there will be no capital or supervisory implications from the pilot.” Over the course of the exercise, the participating banks will analyze the impacts of hypothetical climate scenarios on specific portfolios and business strategies. The climate analysis will be separate and distinct from bank stress tests, which are designed to assess whether large banks have enough capital to continue lending to households and businesses during a severe recession. The Fed noted that the climate scenario analysis "can assist firms and supervisors in understanding how climate-related financial risks may manifest and differ from historical experience.”
District Court grants plaintiff’s injunction in data scraping suit
On September 30, the U.S. District Court for the Northern District of California certified a stipulation and proposed order regarding a permanent injunction and dismissal to abandon remaining allegations against an Israel-based company and a Delaware company (collectively, defendants) related to their use of data scraping from the parent company of large social media platforms (plaintiff). In 2020, the plaintiff alleged that the defendants developed and distributed internet browser extensions to illegally scrape data from the plaintiff’s platform and other platforms. The order noted that the court’s prior summary judgment decision concluded that the defendants collected data using “self-compromised” accounts of users who had downloaded the defendants’ browser extensions. The order further noted that the defendants stipulated that the plaintiff had established that it suffered “irreparable injury” and incurred a loss of at least $5,000 in a one-year period as a result of one of the companies’ unauthorized access. The order further noted that judgment has been established “based on [the Israel-based company’s] active data collection through legacy user products beginning October 2020, and based on [the Israel-based company’s] direct access to password-protected pages on [the plaintiff’s] platforms using fake or purchased user accounts.” Under the injunction, the defendants are immediately and permanently barred from accessing or using two of the plaintiff’s social media platforms without the plaintiff’s express written permission, regardless of whether the companies are using the platforms directly or via a third party. The defendants are also banned from collecting data or assisting others collect data without the plaintiff’s permission, and are required to delete any and all software, scripts or code that are designed to access or interact with two of the plaintiff’s social media platforms. Additionally, the defendants are prohibited from using or selling any data that they have previously collected from the plaintiff’s social media platforms.
California amends certain debt collector licensing provisions
On September 27, the California governor signed AB 156, which, among other things, amends various provisions of the Debt Collection Licensing Act to allow any debt collector that submits an application to the commissioner of the Department of Financial Protection and Innovation before January 1, 2023, to operate pending the approval or denial of the application. The amendments also authorize the commissioner to issue a conditional license pending the receipt and review of fingerprints and related information. Additional provisions state that a conditional license will expire under certain conditions, including the issuance of an unconditional license. The amendments also grant the commissioner authorization to deem an application abandoned. The amendments take effect January 1, 2023.
OFAC sanctions persons in Bosnia and Herzegovina
On October 3, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced sanctions pursuant to Executive Order 14033 against two individuals and one business entity in Bosnia and Herzegovina (BiH). According OFAC, these designations follow OFAC’s September 26 designation of a corrupt state prosecutor in BiH and build on other recent sanctions imposed on individuals and entities in the region (covered by InfoBytes here). Collectively, OFAC noted that “these actions underscore the United States’ willingness to hold accountable those enabling divisive and destabilizing activities in the Western Balkans.” OFAC further noted that one of the designated individuals is one of the wealthiest individuals in BiH and is the longtime owner of a large engineering firm. According to OFAC, the individual and the firm “have been linked to corruption in the construction sector.” The sanctions also target the Prime Minister of the Federation of Bosnia and Herzegovina for “misus[ing] pensioner data for the benefit of his own political party and contrary to BiH law.” As a result of the sanctions, all property and interests in property belonging to the sanctioned individuals and entities subject to U.S. jurisdiction are blocked and must be reported to OFAC. Additionally, “any entities that are owned, directly or indirectly, 50 percent or more by one or more blocked persons are also blocked.” OFAC further noted that “transactions by U.S. persons or within (or transiting) the United States that involve any property or interests in property of designated or blocked persons are prohibited unless authorized by a general or specific license issued by OFAC, or exempt,” which “include the making of any contribution or provision of funds, goods, or services by, to, or for the benefit of any blocked person and the receipt of any contribution or provision of funds, goods, or services from any such person.”