Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • District court: Initial debt collection communication via email does not violate FDCPA


    On May 19, the U.S. District Court for the Northern District of California granted a debt collector’s motion to dismiss a lawsuit with prejudice brought by a plaintiff alleging violations of the Electronic Signatures in Global Commerce (E-SIGN) Act and the FDCPA. The defendant sent an email to the plaintiff attempting to collect an unpaid debt that contained a validation notice. The plaintiff argued that the email violated the E-SIGN Act because she did not consent to receive email from the defendant, and that it also violated the FDCPA “because the email referred to ‘send[ing]’ a copy of the verification of the debt whereas § 1692g(a)(4) specifies that a copy of the verification will be ‘mailed.’” Among other arguments, the plaintiff claimed that the email’s subject line, which stated “This needs your attention,” violated the FDCPA because it did not convey that the message was seeking to collect a debt, and that she received several more emails during the validation period, which confused her and “overshadowed” the validation notice in the initial communication.

    The court disagreed, stating that because there are “no express restrictions” within the FDCPA about how the initial communication must be made, allowing it to be made electronically is a “reasonable argument.” Specifically, the court noted that the CFPB has recognized that certain communication technologies such as email did not exist when the FDCPA was passed, and referred to the Bureau’s commentary on its proposed debt collection rule that stated “a validation notice as part of an initial communication can be conveyed via email.” [Emphasis in the original.] The court also determined that the plaintiff lacked standing with respect to her claim that the initial email’s subject line violated the FDCPA since she opened the email and clicked on the link. Furthermore, the court noted that using the word “send” instead of “mailed” in the initial communication would not have confused the least sophisticated debtor because the “debtor, if concerned about getting a verification of debt via email, could always ask for a copy to be sent via physical mail instead.”

    Courts FDCPA E-SIGN Act Debt Collection CFPB

    Share page with AddThis
  • FTC and Utah add TSR charges to real estate seminar complaint

    Federal Issues

    On May 20, the FTC announced that it and the Utah Division of Consumer Protection amended their complaint against a Utah-based company and its affiliates (collectively, “defendants”) for allegedly using deceptive marketing to persuade consumers to attend real estate events costing thousands of dollars. The amended complaint adds additional defendants and new charges asserting the defendants violated the Telemarketing Sales Rule (TSR). As previously covered by InfoBytes, the U.S. District Court for the District of Utah issued a temporary restraining order against the defendants after the FTC and the Utah Division of Consumer Protection accused the defendants of violating the FTC Act, the Consumer Review Fairness Act (CRFA), and Utah state law, by marketing real estate events with false claims and celebrity endorsements. Among other things, the defendants allegedly told consumers they would (i) earn thousands of dollars in profits from real estate investment “flips” by using the defendants’ products; (ii) receive 100 percent funding for their real estate investments, regardless of credit history; and (iii) receive a full refund if they do not make “‘a minimum of three times’” the price of the workshop within six months. The amended complaint alleges that, in addition to the claims made at the real estate events, the defendants reiterated the false or misleading statements in the course of their telemarketing activities in violation of the TSR.

    Federal Issues Courts FTC Enforcement FTC Act UDAP TSR Deceptive Marketing State Issues

    Share page with AddThis
  • District court allows class autodialer claims to proceed against mortgage lender


    On May 18, the U.S. District Court for the Eastern District of Michigan denied a request to dismiss a putative class action concerning alleged violations of the TCPA, ruling that the plaintiff plausibly alleged the mortgage lender (defendant) sent unsolicited texts through the use of an automatic telephone dialing system (autodialer). The plaintiff claimed, among other things, that (i) the texts came by way of SMS short codes, which are “reserved for automatically made text messages”; (ii) the messages were generic and non-personal; (iii) the messages followed a similar calling pattern; and (iv) the plaintiff continued to receive them after opting out. The defendant countered that the claims should be dismissed because the plaintiff’s argument is “devoid of plausible allegations” under the TCPA that it used an autodialer that has the capacity to produce telephone numbers using a random or sequential number generator. However, the court determined that, in the absence of direction from the U.S. Court of Appeals for the Sixth Circuit “as to the kind of supporting factual allegations that must be included to sufficiently allege the [autodialer] element of a TCPA case,” the court will follow other district courts that have allowed TCPA suits to continue if the plaintiff sufficiently alleges facts to plausibly support a finding that an autodialer was used.

    Courts Class Action Mortgages TCPA Autodialer

    Share page with AddThis
  • Financial institutions, CRA reach settlement over 2017 data breach


    On May 15, a putative class of financial institutions filed an unopposed motion for preliminary approval of a settlement in a multidistrict litigation stemming from a credit reporting agency’s (CRA) 2017 data breach. The class, comprised of financial institutions that issued credit or debit cards whose information was believed to have been breached, argued that the data breach was the result of the CRA’s alleged failure to implement the necessary precautions to safeguard consumers’ personally identifiable information (PII). The class further contended that financial institutions suffer the primary harm caused by identity theft, because they “bear the risk of loss when identity thieves use a customer’s PII to open accounts, transfer funds, take out loans, make fraudulent transactions, or obtain credit or debit cards in the customer’s name.”

    The proposed settlement—pending approval from the U.S. District Court for the Northern District of Georgia—will require the CRA to pay $5.5 million to class members that submit valid claims, spend at least $25 million over a two-year period on “data security measures pertinent to the [financial intuitions] and their claims,” and cover settlement administration and notice costs, as well as agreed-upon attorney fees, expenses, and named-plaintiff service awards. The motion for preliminary approval states that the CRA will also, among other things, (i) adopt and/or maintain certain measures in order to identify “reasonably foreseeable threats” to PII; (ii) respond to identified vulnerabilities that may impact the confidentiality of PII; (iii) design safeguards to manage risks identified though data security risk assessments; (iv) implement a security control framework consistent with requirements for systems that “store, process, or transmit [p]ayment [c]ard [d]ata in connection with U.S. payment card transactions”; and (v) maintain a compliance program and submit annual certifications to class counsel.

    Courts Settlement Privacy/Cyber Risk & Data Security MDL Data Breach Credit Reporting Agency

    Share page with AddThis
  • District court compels arbitration of biometric privacy suit


    On May 15, the U.S. District Court for the Northern District of Illinois granted an online photography company’s motion to compel arbitration in a biometric privacy lawsuit, notwithstanding the company’s unilateral modification of arbitration terms after the lawsuit was filed. According to the opinion, the plaintiffs created an account on the company’s website in August 2014. In May 2015, the company added an arbitration provision to its Terms of Use. In June 2019, the plaintiffs filed the proposed class action alleging the company violated the Illinois Biometric Information Privacy Act (BIPA) “by using facial-recognition technology to extract biometric identifiers for ‘tagging’ individuals and by ‘selling, leasing, trading, or otherwise profiting from Plaintiffs’…biometric information.’” In September 2019, the company sent an email to all of its users that its account Terms of Use were updated, including provisions regarding arbitration. The email stated that if users continued to use the website or did not close their account by October 1, 2019, they were deemed to have accepted the updated terms. The plaintiffs’ account remained open as of October 2, 2019. The company moved to compel arbitration of the plaintiffs’ claims. The plaintiffs argued that the September 2019 email did not create a binding agreement to arbitrate and that it should not apply retroactively to the June 2019 claim.

    The court rejected the plaintiffs’ arguments, concluding that they were already bound to arbitration by the 2015 update to the company’s terms of use, because the terms accepted in 2014 included a “change-in-terms” provision, allowing the company to revise terms from time to time by posting revisions. Moreover, the court disagreed with the plaintiffs that the September 2019 email was “an attempt by [the company] to ‘surreptitiously’ bind unwitting putative class members to arbitration agreements,” noting that the 2019 modifications did not significantly alter users’ rights under the arbitration agreement and the court would “not rely on the 2019 email to find that any putative class members agreed to arbitrate.”

    Courts Arbitration Privacy/Cyber Risk & Data Security Class Action

    Share page with AddThis
  • 7th Circuit: CRAs not required to determine legal validity of disputed debt


    On May 11, the U.S. Court of Appeals for the Seventh Circuit affirmed a district court’s dismissal of a putative class action, holding that the FCRA does not compel a consumer reporting agency (defendant) to determine the legal validity of a debt when investigating a dispute. The plaintiffs alleged that they obtained payday loans with allegedly usurious interest rates from online entities affiliated with Native American tribes. After both plaintiffs stopped making monthly payments, the lenders reported the delinquent amounts to the defendant. One of the plaintiffs disputed the accuracy of his credit report, arguing that because the loan was “illegally issued” he was not obligated to make payments. The defendant conducted an investigation and verified the furnished information was accurate. However, the defendant did not investigate whether the debt was legal. The plaintiffs filed suit, alleging two FCRA violations: (i) Section 1681e(b) which requires consumer reporting agencies “to assure maximum possible accuracy of the information” contained in credit reports; and (ii) Section 1681i(a) which “requires consumer reporting agencies to reinvestigate disputed items.” According to the plaintiffs, the defendant’s credit reports “contained ‘legally inaccurate’ information because they posted ‘legally invalid debts.’” The district court granted judgment on the pleadings to the defendant, ruling that the plaintiffs’ FCRA claims fell short because they never alleged that the information that was reported was factually inaccurate and, “until a formal adjudication invalidates the plaintiffs’ loans,” the reported information would not be factually inaccurate.

    On appeal, the 7th Circuit held, among other things, that only furnishers—“such as banks, credit lenders, and collection agencies”—are required under the FCRA to correctly report liability, stating it is not the defendant’s responsibility to determine the enforceability of the debt because the “power to resolve these legal issues exceeds the competencies of consumer reporting agencies.” Moreover, the appellate court determined that the defendant cannot be liable under either of the plaintiffs’ FCRA claims if it did not report inaccurate information.

    Courts Appellate Seventh Circuit Credit Reporting Agency FCRA

    Share page with AddThis
  • 6th Circuit denies stay of injunction against PPP Ineligibility Rule

    Federal Issues

    On May 15, the U.S. Court of Appeals for the Sixth Circuit denied the SBA’s emergency motion for a stay of the district court’s injunction against the agency’s Paycheck Protection Program (PPP) Ineligibility Rule. As previously covered by InfoBytes, the district court granted a preliminary injunction against the SBA’s PPP Ineligibility Rule—which, in relevant part, excludes from PPP loan eligibility “sexually oriented businesses that present entertainment or sell products of a ‘prurient’ (but not unlawful) nature.” The district court concluded that the Rule was in conflict with the Congressional purpose of the CARES Act, which houses the PPP, to protect workers in need during the Covid-19 pandemic, including workers for businesses that have been historically excluded from SBA financial assistance.

    The 6th Circuit agreed with the district court, denying the motion for a stay. The court noted that the CARES Act specifies that eligibility “is conferred on ‘any business concern,’” which “encompasses sexually oriented businesses.” It went on to state that “the public interest is served in guaranteeing that any business, including plaintiffs, receive loans to protect and support their employees during the pandemic.”

    In dissent, one judge argued that it is “unclear whether Congress meant that any business concern was eligible for a PPP loan regardless of SBA restrictions,” and therefore, the injunction should be stayed pending a decision on the merits.

    Federal Issues Courts SBA Covid-19 Small Business Lending Appellate Sixth Circuit CARES Act

    Share page with AddThis
  • CFPB reaches $18 million settlement in credit-report scheme

    Federal Issues

    On May 14, the CFPB filed a proposed stipulated final judgment and order in the U.S. District Court for the Central District of California against a mortgage lender and several related individuals and companies (collectively, “defendants”) for alleged violations of the Consumer Financial Protection Act (CFPA), Telemarketing Sales Rule (TSR), and Fair Credit Reporting Act (FCRA). As previously covered by InfoBytes, the CFPB filed a complaint in January claiming the defendants violated the FCRA by, among other things, illegally obtaining consumer reports from a credit reporting agency for millions of consumers with student loans by representing that the reports would be used to “make firm offers of credit for mortgage loans” and to market mortgage products, but instead, the defendants allegedly resold or provided the reports to companies engaged in marketing student loan debt relief services. The defendants also allegedly violated the TSR by charging and collecting advance fees for their debt relief services. The CFPB further alleged that defendants violated the TSR and CFPA when they used telemarketing sales calls and direct mail to encourage consumers to consolidate their loans, and falsely represented that consolidation could lower student loan interest rates, improve borrowers’ credit scores, and change their servicer to the Department of Education.

    If approved by the Court, the Bureau’s proposed settlement would (i) impose an $18 million redress judgment against the mortgage lender, of which all but $200,000 would be suspended due to the lender’s limited ability to pay; (ii) require one of the individuals and his company to disgorge $403,750 in profits to provide redress; (iii) impose a $406,150 judgement against a second individual and his company, which will be suspended due to the defendants’ inability to pay; (iv) impose a total $450,001 civil money penalty against the defendants; (v) permanently ban the defendants from the debt-relief industry and from using or obtaining prescreened consumer reports; and (vi) prohibit the defendants from on using or obtaining consumer reports for “any business purpose other than underwriting or otherwise evaluating mortgage loans.”

    Federal Issues Courts CFPB Enforcement Consumer Finance Debt Relief Student Lending FCRA CFPA Telemarketing Sales Rule Deceptive UDAAP

    Share page with AddThis
  • District court grants debt collector’s arbitration request


    On May 11, the U.S. District Court for the District of New Jersey granted a debt collector’s renewed motion to compel arbitration, concluding that the previously-ordered discovery demonstrated that the plaintiff’s FDCPA claim fell within the bounds of the arbitration clause in the underlying credit card agreement. As previously covered by InfoBytes, the plaintiffs filed a proposed class action alleging that the debt collection company’s collection letters violated the FDCPA because they did not “properly identify the name of the current creditor to whom the debt is owed.” The debt collectors filed an initial motion to compel arbitration, arguing that the debts described in the plaintiffs’ amended complaint arose pursuant to credit card agreements that include an arbitration clause. In February 2019, the court denied the motion concluding that discovery was needed in order to determine whether an arbitration clause applied to the plaintiffs’ claims regarding FDCPA violations. After the parties engaged in discovery, the plaintiff argued that only the card issuer has a right to compel arbitration under the agreement. The court rejected this argument, concluding that the collection agency was an agent of the creditor and as an agent, the collector may enforce the arbitration agreement. Moreover, the court determined that the debt collection letter relates to the consumer’s credit account as the debt is a result of the credit card use and the FDCPA claim “is statuary, as explicitly provided for in the card agreement.”

    Courts Arbitration FDCPA Debt Collection

    Share page with AddThis
  • $550 million preliminary settlement reached in biometric privacy class action

    Privacy, Cyber Risk & Data Security

    On May 8, plaintiffs in a biometric privacy class action in the U.S. District Court for the Northern District of California filed a motion requesting preliminary approval of a $550 million settlement deal. The preliminary settlement, reached between a global social media company and a class of Illinois users, would resolve consolidated class claims that alleged the social media company’s face scanning practices violated the Illinois Biometric Information Privacy Act (BIPA). As previously covered by InfoBytes, last August the U.S. Court of Appeals for the 9th Circuit affirmed class certification and held that the class’s claims met the standing requirement described in Spokeo, Inc. v. Robins because the social media company’s alleged development of a face template that used facial-recognition technology without users’ consent constituted an invasion of an individual’s private affairs and concrete interests. According to the motion for preliminary approval, the settlement would be the largest BIPA class action settlement ever and would provide “cash relief that far outstrips what class members typically receive in privacy settlements, even in cases in which substantial statutory damages are involved.” If approved, the social media company must also provide “forward-looking relief” to ensure it secures users’ informed, written consent as required under BIPA.

    Privacy/Cyber Risk & Data Security Courts Enforcement Consumer Protection Settlement Class Action State Issues

    Share page with AddThis