InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
4th Circuit upholds sanctions against debt relief operation
On June 23, the U.S Court of Appeals for the Fourth Circuit upheld a default judgment entered against a debt relief operation and related individuals accused of violating the TCPA and the West Virginia Consumer Credit and Protection Act (WVCCPA). Plaintiff-appellee alleged she received multiple telemarketing phone calls regarding debt relief offered through lower interest rates on credit cards from the defendants (including the appellants). During discovery, defendants allegedly engaged in “evasive discovery tactics” and “relentless sandbagging,” which resulted in a magistrate judge entering multiple orders to compel. Defendants allegedly continued to call the plaintiff-appellee for more than a year after she filed her initial complaint. Additional defendants (including some of the appellants) were added via amended complaints as she discovered defendants had allegedly “formed a vast and complex web of corporate entities.”
The district court eventually sanctioned the appellants and struck their defenses for, among other things, engaging in a “pattern of concealing discoverable material” and failing to obey court orders. Appellants filed a motion for reconsideration, claiming the sanctions were too harsh and came as a surprise, the discovery abuses were “inadvertent,” and the plaintiff-appellee had not been prejudiced. Plaintiff-appellee then filed a renewed motion for sanctions outlining continued violations by appellants. Eventually, the district court entered a default judgment against the appellants for failing “to respond fulsomely and accurately to discovery requests and to comply with court orders pertaining to those requests.” The sanctions imposed an $828,801.36 judgment plus costs.
On appeal, the 4th Circuit concluded the district court did not abuse its discretion in finding appellants acted in bad faith and entered default judgment against them. The appellate court explained that there are certain circumstances, including this action, “where the entry of default judgment against a defendant for systemic discovery violations is the natural next step in the litigation, even without an explicit prior warning from the district court.” The appellate court further concluded the record contradicted each of the appellants’ arguments and held appellants “had fair ‘indication that sanctions might be imposed against [them]’ for their continued discovery and scheduling order violations.” With respect to appellants’ arguments that the district court awarded damages for the same purported calls pursuant to both the TCPA and the WVCCPA, the 4th Circuit found that penalties under these statutes are not exclusive and that they separately penalize different violative conduct. “[D]amages under the WVCCPA may be awarded in addition to those under the TCPA for a single communication that violates both statutes,” the appellate court wrote, adding that a plaintiff can also “recover separate penalties under separate sections of the TCPA even if the violations occurred in the same telephone call.”
Split 9th Circuit: Nevada’s medical debt collection law is not preempted
The U.S. Court of Appeals for the Ninth Circuit recently issued a split decision upholding a Nevada medical debt collection law after concluding the statute was neither preempted by the FDCPA or the FCRA, nor a violation of the First Amendment. SB 248 took effect July 1, 2021, in the wake of the Covid-19 pandemic, and requires debt collection agencies to provide written notification to consumers 60 days “before taking any action to collect a medical debt.” Debt collection agencies are also barred from taking any action to collect a medical debt during the 60-day period, including reporting a debt to a consumer reporting agency.
Plaintiffs, a group of debt collectors, sued the Commissioner of the Financial Institutions Division of Nevada’s Department of Business and Industry after the bill was enacted, seeking a temporary restraining order and a preliminary injunction. In addition to claiming alleged preemption by the FDCPA and the FCRA, plaintiffs maintained that SB 248 is unconstitutionally vague and violates the First Amendment. The district court denied the motion, ruling that none of the arguments were likely to succeed on the merits.
In agreeing with the district court’s decision, the majority concluded that SB 248 is not unconstitutionally vague with respect to the term “before taking any action to collect a medical debt” and that any questions about what constitute actions to collect a medical debt were addressed by the statute’s implementing regulations. With respect to whether SB 248 violates the First Amendment, the majority held that debt collection communications are commercial speech and thus not subject to strict scrutiny. As to questions of preemption, the majority determined that SB 248 is not preempted by either the FDCPA or the FCRA. The majority explained that furnishers’ reporting obligations under the FCRA do not include a deadline for when furnishers must report a debt to a CRA and that the 60-day notice is not an attempt to collect a debt and therefore does not trigger the “mini-Miranda warning” required in a debt collector’s initial communication stating that “the debt collector is attempting to collect a debt.”
The third judge disagreed, arguing, among other things, that the majority’s “position requires setting aside common sense” in believing that the FDCPA does not preempt SB 248 because the 60-day notice is not an action in connection with the collection of a debt. “The only reason that a debt collector sends a Section 7 Notice is so that he can later start collecting a debt,” the dissenting judge wrote. “It is impossible to imagine a situation where a debt collector would send such a notice except in pursuit of his goal of ultimately obtaining payment for (i.e., collecting) the debt.” The dissenting judge further argued that by delaying the reporting of unpaid debts, SB 248 conflicts with the FCRA’s intention of ensuring credit information is accurately reported.
CFPB, FTC, and consumer advocates ask 7th Circuit to review redlining dismissal
The CFPB recently filed its opening brief in the agency’s appeal of a district court’s decision to dismiss the Bureau’s claims that a Chicago-based nonbank mortgage company and its owner violated ECOA by engaging in discriminatory marketing and consumer outreach practices. As previously covered by InfoBytes, the Bureau sued the defendants in 2020 alleging fair lending violations predicated, in part, on statements made by the company’s owner and other employees during radio shows and podcasts. The agency claimed that the defendants discouraged African Americans from applying for mortgage loans and redlined African American neighborhoods in the Chicago area. The defendants countered that the Bureau improperly attempted to expand ECOA’s reach and argued that ECOA “does not regulate any behavior relating to prospective applicants who have not yet applied for credit.”
In dismissing the action with prejudice, the district court applied step one of the Chevron framework (which is to determine “whether Congress has directly spoken to the precise question at issue”) when reviewing whether the Bureau’s interpretation of ECOA in Regulation B is permissible. The court concluded, among other things, that Congress’s directive does not apply to prospective applicants.
In its appellate brief, the Bureau argued that the long history of Regulation B supports the Bureau’s interpretation of ECOA, and specifically provides “that ‘[a] creditor shall not make any oral or written statement, in advertising or otherwise, to applicants or prospective applicants that would discourage on a prohibited basis a reasonable person from making or pursuing an application.” While Congress has reviewed ECOA on numerous occasions, the Bureau noted that it has never challenged the understanding that this type of conduct is unlawful, and Congress instead “created a mandatory referral obligation [to the DOJ] for cases in which a creditor has unlawfully ‘engaged in a pattern or practice of discouraging or denying applications for credit.’”
Regardless, “even if ECOA’s text does not unambiguously authorize Regulation B’s prohibition on discouraging prospective applicants, it certainly does not foreclose it,” the Bureau wrote, pointing to two perceived flaws in the district court’s ruling: (i) that the district court failed to recognize that Congress’s referral provision makes clear that “discouraging . . . applications for credit” violates ECOA; and (ii) that the district court incorrectly concluded that ECOA’s reference to applicants “demonstrated that Congress foreclosed prohibiting discouragement as to prospective applicants.” The Bureau emphasized that several courts have recognized that the term “applicant” can include individuals who have not yet submitted an application for credit and stressed that its interpretation of ECOA, as reflected in Regulation B’s discouragement prohibition, is not “arbitrary, capricious, or manifestly contrary to the statute.” The Bureau argued that under Chevron step two (which the district court did not address), Regulation B’s prohibition on discouraging prospective applicants from applying in the first place is reasonable because it furthers Congress’ efforts to prohibit discrimination and ensure equal access to credit.
Additionally, the FTC filed a separate amicus brief in support of the Bureau. In its brief, the FTC argued that Regulation B prohibits creditors from discouraging applicants on a prohibited basis, and that by outlawing this type of behavior, it furthers ECOA’s purpose and prevents its evasion. In disagreeing with the district court’s position that ECOA only applies to “applicants” and that the Bureau cannot proscribe any misconduct occurring before an application is filed, the FTC argued that the ruling violates “the most basic principles of statutory construction.” If affirmed, the FTC warned, the ruling would enable creditor misconduct and “greenlight egregious forms of discrimination so long as they occurred ‘prior to the filing of an application.’”
Several consumer advocacy groups, including the National Fair Housing Alliance and the American Civil Liberties Union, also filed an amicus brief in support of the Bureau. The consumer advocates warned that “[i]nvalidating ECOA’s longstanding prohibitions against pre-application discouragement would severely limit the Act’s effectiveness, with significant consequences for communities affected by redlining and other forms of credit discrimination that have fueled a racial wealth gap and disproportionately low rates of homeownership among Black and Latino households.” The district court’s position would also affect non-housing credit markets, such as small business, auto, and personal loans, as well as credit cards, the consumer advocates said, arguing that such limitations “come at a moment when targeted digital marketing technologies increasingly allow lenders to screen and discourage consumers on the basis of their protected characteristics, before they can apply.”
7th Circuit: Insurer required to cover BIPA defense
On June 15, the U.S. Court of Appeals for the Seventh Circuit upheld a district court’s ruling requiring an insurance company to defend an Illinois-based IT company against two putative class actions alleging violations of the Illinois Biometric Information Privacy Act (BIPA). The insurance company sued for a declaration that, under its business liability insurance policy, it has no obligation to indemnify or defend the IT company in the two class actions. Class members alleged the IT company acted as a vendor for a company that “scraped” more than 3 billion facial scans and converted them into biometric facial recognition identifiers, which were then paired to images on the internet and sold via a database to the Chicago Police Department, in violation of BIPA.
The insurance company’s policy bars coverage for any distribution of material in violation of certain specific statutes or in violation of “[a]ny other laws, statutes, ordinances, or regulations” and asserted that this catch-all provision includes BIPA. The district court disagreed, ruling that the language of the policy’s statutory violations exclusion was “intractably ambiguous” and did not explicitly bar coverage of the underlying suits.
On appeal, the 7th Circuit agreed that the district court was correct in determining that a plain-text reading of the insurance policy’s “broad” and ambiguous catch-all coverage exclusion for “personal or advertising injury” would “swallow a substantial portion of the coverage that the policy otherwise explicitly purports to provide.” The 7th Circuit held that “the broad language of the catch-all exclusion purports to take away with one hand what the policy purports to give with the other in defining covered personal and advertising injuries.”
Although the 7th Circuit considered whether there was a “common element” related to privacy in the enumerated statutes that could be read to include BIPA, ultimately the appellate court determined that nothing in the exclusion language “points to privacy as the focus of the exclusion.”
7th Circuit: No causation in FCA claims against mortgage servicer
On June 14, the U.S. Court of Appeals for the Seventh Circuit affirmed a district court’s grant of summary judgment in favor of a defendant mortgage servicer, holding that while the plaintiff had sufficient proof of materiality with respect to alleged violations of the False Claims Act (FCA), plaintiff failed to meet her burden of proof on the element of causation. Plaintiff (formerly employed by the defendant as an underwriter) alleged the defendant made false representations to HUD in the course of certifying residential mortgage loans for federal insurance coverage. She maintained that HUD would not have endorsed the loans for federal insurance if it had known defendant was not satisfying the agency’s minimum underwriting guidelines. Defendant moved for summary judgment after the district court excluded the bulk of plaintiff’s “expert opinion,” arguing that plaintiff could not meet her evidentiary burden on the available record. The district court sided with defendant, ruling that as a matter of law, plaintiff could not prove either materiality (due to the lack of evidence that would allow “a reasonable factfinder to conclude that HUD viewed the alleged underwriting deficiencies as important”) or causation (the false statement caused the government’s loss).
On appeal, the 7th Circuit explained that to show proximate causation, plaintiff was required to identify evidence indicating that the alleged false certifications in reviewed loans were the foreseeable cause of later defaults, as defaults trigger HUD’s payment obligations. The appellate court noted that “it is not clear how a factfinder would even spot the alleged false statement in each loan file, let alone evaluate its seriousness and scope.” Without further evidence indicating how defendant’s alleged misrepresentations caused subsequent defaults, the plaintiff’s claims could not survive summary judgment.
However, the 7th Circuit disagreed with the district court’s reasoning with respect to materiality under the FCA. Although the district court held that plaintiff had failed to establish materiality, the appellate court determined that because HUD’s regulations “provide some guidance, in HUD’s own voice, about the false certifications that improperly induce the issuance of federal insurance, and those are precisely the false certifications present here” there was enough evidence to “clear the summary judgment hurdle” on this issue.
7th Circuit: Time and money in responding to second verification request confers standing under FDCPA
On June 7, the U.S. Court of Appeals for the Seventh Circuit held that spending time and money to send a second verification request is enough to confer standing under the FDCPA. Plaintiff’s defaulted credit card debt was purchased by one of the defendants and placed with a collection agency. A letter providing details about the debt, including the original creditor, current creditor, and a validation notice, was sent to the plaintiff. Within the required 30-day timeframe, plaintiff sent a letter to the collection agency requesting validation of the debt. However, instead of receiving a response from the agency, plaintiff received another letter from one of the defendants that provided information on the debt and informed her that it had initiated a review of the inquiry it had received. The second letter also included a validation notice, which confused the plaintiff and resulted in her spending time and money ($3.95) to request validation again. Plaintiff filed suit accusing the defendants of violating the FDCPA and asserting that the second letter would lead a consumer to believe that they must re-dispute the debt. According to the plaintiff, the letter, among other things, used false, deceptive, misleading, and unfair or unconscionable means to collect or attempt to collect a debt. The defendants moved to dismiss for lack of standing, arguing that while the letter may have confused and alarmed the plaintiff, it did not cause her to initiate “any action to her detriment on account of her confusion.” The district court granted defendants’ motion to dismiss, ruling that the time and money spent on sending the second validation request did not rise to the level of detriment required for standing under the FDCPA, and that, moreover, it provided plaintiff with another opportunity to dispute the debt if she failed to properly do so the first time.
Disagreeing with the dismissal, the 7th Circuit wrote that the second postage fee (albeit modest in size) is the type of harm that Congress intended to protect consumers from when it enacted the FDCPA. “Money damages caused by misleading communications from the debt collector are certainly included in the sphere of interests that Congress sought to protect,” the appellate court stated, explaining that the second letter caused the plaintiff “to suffer a concrete detriment to her debt-management choices in the form of the expenditure of additional money to preserve rights she had already preserved.”
11th Circuit revises data breach negligence claim
The U.S. Court of Appeals for the Eleventh Circuit recently reversed the dismissal of a negligence claim brought against a Georgia-based airport retailer, determining that a company of its size and sophistication “could have foreseen being the target of a cyberattack.” Plaintiff, who used to work for the defendant, filed suit alleging the defendant failed to protect thousands of current and former employees’ sensitive personally identifiable information (PII), including Social Security numbers, from an October 2020 ransomware attack. Bringing claims for negligence and breach of implied contract on behalf of class members, plaintiff contended that not only should the defendant have protected the PII, but it also took several months for the defendant to notify affected individuals. A notice provided by the company claimed the attack only affected an internal, administrative system, but according to the plaintiff, the attacker uploaded the PII to third-party servers. Plaintiff was later informed that an unknown party used his Social Security number to file pandemic-related unemployment assistance claims under his name in Rhode Island and Kentucky. Plaintiff challenged that the defendant should have taken steps before the hack to better protect the information and that the alleged “harms he suffered were a foreseeable result of [defendant’s] inadequate security practices and its failure to comply with industry standards appropriate to the nature of the sensitive, unencrypted information it was maintaining.” The district court disagreed and granted defendant’s motion to dismiss for failure to state a claim. Plaintiff appealed, arguing that “the district court demanded too much at the pleadings stage.”
On appeal, the 11th Circuit concluded, among other things, that the plaintiff could not have been expected to plead details about the defendant’s private data security policies. “We cannot expect a plaintiff in [this] position to plead with exacting detail every aspect of [defendant’s] security history and procedures that might make a data breach foreseeable, particularly where ‘the question of reasonable foreseeability of a criminal attack is generally for a jury’s determination rather than summary adjudication by the courts,’” the appellate court wrote, noting that plaintiff had sufficiently pled the existence of a special relationship as well as a foreseeable risk of harm. However, the 11th Circuit affirmed dismissal of plaintiff’s claim for breach of implied contract, stating that he failed to allege any facts showing that the defendant agreed to be bound by a data retention or protection policy.
A few days later, the 11th Circuit issued an opinion saying class members in a different action should be allowed to amend their data breach negligence claim in light of the appellate court’s decision discussed above. The 11th Circuit wrote that the decision in the aforementioned case “undermined” the dismissal of plaintiff’s negligence claim alleging a defendant warehousing company allowed a data breach to occur because it failed to take appropriate measures to secure its network. Class members in this case also alleged their PII was improperly accessed during a ransomware attack. The appellate court agreed with class members’ contention that the defendant had failed to address a newly created legal standard for data breach negligence claims in its motion to dismiss: “Indeed, the plaintiffs would have been hard-pressed to predict that they might need to amend their complaint to add more specific foreseeability allegations in response to [defendant’s] renewed motion to dismiss,” the appellate court wrote, reversing the denial of the motion for leave to amend.
7th Circuit: Time and money spent responding to second verification request is sufficient for standing
On June 7, the U.S. Court of Appeals for the Seventh Circuit held that spending time and money to send a second verification request is enough to confer standing under the FDCPA. Plaintiff’s defaulted credit card debt was purchased by one of the defendants and placed with a collection agency. A letter providing details about the debt, including the original creditor, current creditor, and a validation notice, was sent to the plaintiff. Within the required 30-day timeframe, plaintiff sent a letter to the collection agency requesting validation of the debt. However, instead of receiving a response from the agency, plaintiff received another letter from one of the defendants that provided information on the debt and informed her that it had initiated a review of the inquiry it had received. The second letter also included a validation notice, which confused the plaintiff and resulted in her spending time and money ($3.95) to request validation again. Plaintiff filed suit accusing the defendants of violating the FDCPA and asserting that the second letter would lead a consumer to believe that they must re-dispute the debt. According to the plaintiff, the letter, among other things, used false, deceptive, misleading, and unfair or unconscionable means to collect or attempt to collect a debt. The defendants moved to dismiss for lack of standing, arguing that while the letter may have confused and alarmed the plaintiff, it did not cause her to initiate “any action to her detriment on account of her confusion.” The district court granted defendants’ motion to dismiss, ruling that the time and money spent on sending the second validation request did not rise to the level of detriment required for standing under the FDCPA, and that, moreover, it provided plaintiff with another opportunity to dispute the debt if she failed to properly do so the first time.
Disagreeing with the dismissal, the 7th Circuit wrote that the second postage fee (albeit modest in size) is the type of harm that Congress intended to protect consumers from when it enacted the FDCPA. “Money damages caused by misleading communications from the debt collector are certainly included in the sphere of interests that Congress sought to protect,” the appellate court stated, explaining that the second letter caused the plaintiff “to suffer a concrete detriment to her debt-management choices in the form of the expenditure of additional money to preserve rights she had already preserved.”
11th Circuit revises data breach negligence claim
The U.S. Court of Appeals for the Eleventh Circuit recently reversed the dismissal of a negligence claim brought against a Georgia-based airport retailer, determining that a company of its size and sophistication “could have foreseen being the target of a cyberattack.” Plaintiff, who used to work for the defendant, filed suit alleging the defendant failed to protect thousands of current and former employees’ sensitive personally identifiable information (PII), including Social Security numbers, from an October 2020 ransomware attack. Bringing claims for negligence and breach of implied contract on behalf of class members, plaintiff contended that not only should the defendant have protected the PII, but it also took several months for the defendant to notify affected individuals. A notice provided by the company claimed the attack only affected an internal, administrative system, but according to the plaintiff, the attacker uploaded the PII to third-party servers. Plaintiff was later informed that an unknown party used his Social Security number to file pandemic-related unemployment assistance claims under his name in Rhode Island and Kentucky. Plaintiff challenged that the defendant should have taken steps before the hack to better protect the information and that the alleged “harms he suffered were a foreseeable result of [defendant’s] inadequate security practices and its failure to comply with industry standards appropriate to the nature of the sensitive, unencrypted information it was maintaining.” The district court disagreed and granted defendant’s motion to dismiss for failure to state a claim. Plaintiff appealed, arguing that “the district court demanded too much at the pleadings stage.”
On appeal, the 11th Circuit concluded, among other things, that the plaintiff could not have been expected to plead details about the defendant’s private data security policies. “We cannot expect a plaintiff in [this] position to plead with exacting detail every aspect of [defendant’s] security history and procedures that might make a data breach foreseeable, particularly where ‘the question of reasonable foreseeability of a criminal attack is generally for a jury’s determination rather than summary adjudication by the courts,’” the appellate court wrote, noting that plaintiff had sufficiently pled the existence of a special relationship as well as a foreseeable risk of harm. However, the 11th Circuit affirmed dismissal of plaintiff’s claim for breach of implied contract, stating that he failed to allege any facts showing that the defendant agreed to be bound by a data retention or protection policy.
A few days later, the 11th Circuit issued an opinion saying class members in a different action should be allowed to amend their data breach negligence claim in light of the appellate court’s decision discussed above. The 11th Circuit wrote that the decision in the aforementioned case “undermined” the dismissal of plaintiff’s negligence claim alleging a defendant warehousing company allowed a data breach to occur because it failed to take appropriate measures to secure its network. Class members in this case also alleged their PII was improperly accessed during a ransomware attack. The appellate court agreed with class members’ contention that the defendant had failed to address a newly created legal standard for data breach negligence claims in its motion to dismiss: “Indeed, the plaintiffs would have been hard-pressed to predict that they might need to amend their complaint to add more specific foreseeability allegations in response to [defendant’s] renewed motion to dismiss,” the appellate court wrote, reversing the denial of the motion for leave to amend.
6th Circuit: Single RVM confers standing
The U.S. Court of Appeals for the Sixth Circuit recently held that receiving one ringless voicemail (RVM) was enough to confer standing upon a plaintiff under the TCPA. In that case, plaintiff asserted he received several RVMs to his cell phone but never consented to receiving the messages. He filed a putative class action suit for violations of the TCPA, alleging the defendant used an automated telephone dialing system (autodialer) to deliver multiple RVMs to his cell phone advertising its services. According to the plaintiff, the RVMs tied up his phone line, cost him money, and invaded his privacy. During discovery, an expert concluded that only one of the 11 voicemails plaintiff claimed to have received was from the defendant. The defendant moved to dismiss, arguing the plaintiff lacked standing because he did not suffer a concrete injury. The district court granted defendant’s motion, ruling that receiving a single RVM did not constitute a concrete harm sufficient for Article III standing, because, among other things, plaintiff could not recall what he was doing when the RVMs were sent, he was not charged for the RVM, the RVM did not tie up his phone line, and he spent a very small amount of time reviewing the message.
On appeal, the 6th Circuit noted that it had not previously considered whether receiving a single RVM for commercial purposes is sufficient to confer standing under the TCPA. To determine whether an intangible harm—such as receiving an unsolicited RVM—rises to the level of concrete injury, the appellate court reviewed U.S. Supreme Court rulings on standing. “[Plaintiff’s] receipt of an unsolicited RVM bears a close relationship to the kind of injury protected by the common law tort of intrusion upon seclusion; and his claimed harm directly correlates with the protections enshrined by Congress in the TCPA,” the 6th Circuit wrote, reversing and remanding the district court’s judgment and stating that “[plaintiff] suffered a concrete injury in fact sufficient for Article III standing purposes.”