InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court approves contact tracing suit settlement
On October 31, the U.S. District Court for the Northern District of California granted plaintiffs’ motion for attorneys' fees, expenses, and service awards related to a class action settlement alleging that an internet platform (defendant) violated the California Confidentiality of Medical Information Act, as well as other state laws through its “contact tracing” system that operated on consumers’ mobile devices. According to the motion, the defendant co-designed a digital contact tracing system to combat the spread of COVID-19 on mobile devices using the defendant’s mobile device operating system. The plaintiffs alleged that the defendant unlawfully exposed confidential medical information and personally identifying information through this system. Furthermore, the plaintiffs alleged that the defendant's system was "fundamentally flawed in its design and implementation" because it left users’ private medical and personally identifying information unprotected on mobile device “system logs” to which the defendant and third parties had routine access. Under the terms of the settlement, class counsel will receive approximately $1.95 million in attorneys’ fees and $56,457.44 in expenses. Additionally, the defendant must pay service awards to class representatives.
N.J. appeals court says debt collector may file suit during the pandemic
On June 29, the Superior Court of New Jersey, Appellate Division affirmed a lower court’s granting of summary judgment in favor of a plaintiff debt collector in an action over whether a suit could be filed during the Covid-19 pandemic despite a clause in an agreement with the original creditor that barred collection actions in a disaster area. According to the opinion, the plaintiff purchased a portfolio of debts, including two credit card debts owned by the individual defendant. The plaintiff sued the defendant after attempts to collect on the debts were unsuccessful. The defendant filed a third-party complaint against the plaintiff asserting counterclaims accusing the plaintiff of violating the FDCPA, and stating that collection agencies were barred by an executive order that allegedly prohibited the initiation and adjudication of debt collection matters during the pandemic. A lower court granted the plaintiff’s motion for summary judgment, after finding no genuine issue of material fact which would prevent summary judgment in favor of the plaintiff. Specifically, the lower court “found that plaintiff provided sufficient, credible evidence in the record that established the nexus between the accounts and defendant,” and “also found the executive order and FDCPA argument meritless,” as “no directive existed that prevented agencies from initiating debt collection matters during the COVID-19 pandemic.” The defendant appealed.
On appeal, the defendant argued, among other things, that the lower court had “improperly relied on inadmissible hearsay documents” and erred in finding the executive order and FDCPA inapplicable. The defendant referred to a clause in an agreement she had with the original creditor, which said: “Without limiting the foregoing, [plaintiff] further represents and warrants that it shall: . . . (x) upon declaration by [the Federal Emergency Management Agency] or any appropriate local, state or federal agency that a location is a disaster area, [plaintiff] agrees to temporarily suspend its collection activities within said area until such time as is reasonable and practicable.” The appeals court agreed with the lower court’s reasoning, and called the defendant’s argument “baseless.” According to the appeals court, the defendant “failed to present evidence that an executive order prohibited the commencement and adjudication of debt collection matters during a state emergency related to the COVID-19 pandemic” and failed to establish “that there is a contractual bar to plaintiff filing a debt collection suit in a disaster area.”
8th Circuit says bank is entitled to proceeds from condo sale
On June 24, the U.S. Court of Appeals for the Eighth Circuit affirmed a trial court’s decision that a plaintiff bank is entitled to the proceeds from the sale of a condominium despite the defendant’s ex-husband’s bankruptcy and an outstanding balance owed to the bank on a business loan. When the defendant signed and initialed a mortgage securing the financing of a condominium, she consented to her ex-husband’s execution of the note but was not a signatory. The mortgage contained three provisions, including (i) a choice-of-law provision specifying that Iowa law governed the mortgage; (ii) a homestead waiver, in which the defendant and her ex-husband “waive[d] all appraisement and homestead exemption rights relating to” the condominium, except as prohibited by law; and (iii) a future advances clause or “dragnet clause,” which granted the plaintiff a security interest in the mortgage that covered future funds the ex-husband may borrow. The plaintiff initiated litigation against the defendant seeking a declaratory judgment that the defendant’s portion of the escrowed sale proceeds was subject to the mortgage’s future advances clause, and that the plaintiff could apply the proceeds to her ex-husband’s business loan. The trial court concluded that the bank was entitled to the proceeds.
On appeal, the 8th Circuit concluded that the mortgage’s future advances clause encompassed and secured the defendant’s ex-husband's business loan. Among other things, the appellate court rejected the defendant’s arguments that (i) the plaintiff failed to make a prima facie case that it was entitled to the condo sale proceeds because it purportedly “did not prove the proceeds comported with the mortgage’s maximum obligation limit clause (finding “no miscarriage of justice in declining to analyze her claim”); and (ii) the mortgage forced “her to waive her homestead rights in contravention of public policy” and in violation of the FTC’s “unfair credit practices” regulation (16 C.F.R. § 444.2)—a regulation, the appellate court pointed out, that does not apply to “banks” by its own terms. The 8th Circuit also rejected defendant’s unconscionability claim under Iowa law, stating that the “doctrine of unconscionability does not exist to rescue parties from bad bargains.” The appellate court further rejected the defendant’s other “equitable arguments” as “untenable” primarily because the mortgage is a “credit agreement” regulated under Iowa Code § 535.17(5)(c), and that statute expressly displaces equitable remedies.
District Court preliminarily approves $3.7 million data breach settlement
On June 30, the U.S. District Court for the Central District of California preliminarily approved an approximately $3.7 million consolidated class action settlement resolving claims arising from a defendant restaurant chain’s 2021 data breach. According to class members’ memorandum in support of their motion for preliminary approval of the settlement, the data breach exposed current and former employees’ personal identifying information (PII), including names and Social Security numbers. Following an investigation, the defendant sent notices to roughly 103,767 individuals whose PII may have been subject to unauthorized access and offered impacted individuals one year of free credit and identity monitoring services. Putative class actions were filed claiming the defendant failed to adequately safeguard its current and former employees’ (and their family members’) electronically stored PII, and alleging, among other things, violations of California’s Unfair Competition Law, Customer Records Act, and Consumer Privacy Act. If the settlement is granted final approval, each class member will be eligible to make a claim for up to $1,000 in reimbursements for expenses and lost time, and up to $5,000 in reimbursements for extraordinary expenses for identity theft related to the data breach. California settlement subclass members will also be entitled to $100 as a statutory damages award. Additionally, all class members will be eligible to enroll in two-years of three-bureau credit monitoring. The defendant may also be responsible for attorneys’ fees, costs, and service awards.
Ex-NFL players no longer part of CFPB, New York suit on high-cost loans
On June 27, the CFPB and New York attorney general filed an amended complaint in the U.S. District Court for the Southern District of New York, removing references to a New Jersey-based finance company’s arrangements with seven former NFL players in an action concerning whether the company and its affiliates (collectively, “defendants”) mischaracterized high-cost loans as assignments of future payment rights. As previously covered by InfoBytes, the agencies filed a lawsuit in 2017 claiming, among other things, that the defendants misled World Trade Center attack first responders and professional football players in selling expensive advances on benefits to which they were entitled and mischaracterized extensions of credit as assignments of future payment rights, thereby misleading their victims into repaying far more than they received. Specifically, the initial filing in 2017 alleges that the defendants (i) used “confusing contracts” to prevent the individuals from understanding the terms and costs of the transactions; (ii) lied to the individuals by telling them the companies could secure their payouts more quickly; (iii) misrepresented how quickly they would receive payments from the companies, and (iv) collected interest at an illegal rate. The amended complaint removes all references to defendants’ arrangements with the ex-NFL players, but maintains claims related to financing deals signed with first responders to the World Trade Center attack.
The court issued an order on June 28 accepting the agencies’ unopposed motion to file the amended complaint to “remove references to NFL player consumers and to remove allegations in Count VIII” related to alleged violations of New York General Obligations Law § 13-101 concerning personal injury claims. No additional details on the reasons for the removals are provided.
The amended complaint follows a March order issued by the district court (covered by InfoBytes here) in which it ruled that the CFPB could proceed with its 2017 enforcement action. In 2020, the U.S. Court of Appeals for the Second Circuit vacated the district court’s 2018 order (covered by InfoBytes here), which had dismissed the case on the grounds that the Bureau’s single-director structure was unconstitutional, and that, as such, the agency lacked authority to bring claims alleging deceptive and abusive conduct by the company. The 2nd Circuit remanded the case to the district court, determining that the U.S. Supreme Court’s ruling in Seila Law LLC v. CFPB (holding that the director’s for-cause removal provision was unconstitutional but severable from the statute establishing the Bureau, as covered by a Buckley Special Alert) superseded the 2018 ruling.
Insurers consider biometric exclusions as privacy cases increase
According to sources, some insurers are considering adding biometric exclusions to their insurance policies as privacy lawsuits increase. An article on the recent evolution of biometric privacy lawsuits noted an apparent increase in class actions claiming violations of the Illinois Biometric Information Privacy Act (BIPA), as “more courts began ruling that individuals need not show actual injury to allege BIPA violations.” The article explained that insurance carriers now “argue that general liability policies, with their lower premiums and face values, don’t insure data privacy lawsuits and can’t support potentially huge BIPA class action awards and settlements.” This issue is poised to become increasingly important to carriers and policyholders as additional states seek to regulate biometric privacy. The article noted that in the first quarter of 2022, seven states (California, Kentucky, Maine, Maryland, Massachusetts, Missouri, and New York) introduced biometric laws generally based on Illinois’ BIPA. Texas and Washington also have biometric laws, but without a private right of action.
District Court says Massachusetts law will apply in choice-of-law privacy dispute
On June 28, the U.S. District Court for the District of South Carolina ruled that it will apply Massachusetts law to negligence claims in a putative class action concerning a cloud-based services provider’s allegedly lax data-security practices. The plaintiffs claimed that the defendant’s “security program was inadequate and that the security risks associated with the Personal Information went unmitigated, allowing [] cybercriminals to gain access.” During discovery, the defendant (headquartered in South Carolina) stated that its U.S. data centers are located in Massachusetts, Texas, California, and New Jersey, and that the particular servers that housed the plaintiffs’ data (and were the initial entry point for the ransomware attack) are physically located in Massachusetts. While both parties stipulated to the application of South Carolina choice-of-law principles generally, the plaintiffs specifically requested that South Carolina law be applied to their common law claims of negligence, negligence per se, and invasion of privacy since it was the state where defendant executives made the cybersecurity-related decisions that allegedly allowed the data breach to occur. However, the defendant countered that the law of each state where a plaintiff resides should apply to that specific plaintiff’s common law tort claims because the “damages were felt in their respective home states.” Both parties presented an alternative argument that if the court found the primary choice-of-law theory to be unfounded, then Massachusetts law would be appropriate as “Massachusetts was the state where the last act necessary took place because that is where the data servers were housed.”
In determining which state’s common-law principles apply, the court stated that even if some of the cybersecurity decisions were made in South Carolina, the personal information was stored on servers in Massachusetts. Moreover, the “alleged decisions made in South Carolina may have contributed to the breach, but they were not the last act necessary to establish the cause of action,” the court wrote, noting that in order for the defendant to be potentially liable, the data servers would need to be breached. The court further concluded that “South Carolina’s choice of law rules dictate that where an injury occurs, not where the result of the injury is felt or discovered is the proper standard to determine the last act necessary to complete the tort.” As such, the court stated that Massachusetts law will apply as that is where the data breach occurred.
District Court approves $2.5 million settlement over prerecorded telemarketing messages
On June 24, the U.S. District Court for the Central District of California granted final approval of a $2.5 million class action settlement resolving claims that an auto dealer group and marketing director (collectively, “defendants”) violated the TCPA by sending “prerecorded telemarketing messages” to consumers’ cell phones without receiving consumers’ express written consent. According to the second amended complaint, the plaintiff sued the defendants after he allegedly received unsolicited prerecorded text messages advertising one of the auto group’s dealerships. Under the terms of the agreement, class members (comprised of consumers who were sent prerecorded messages from the defendants, auto dealerships managed by the defendant, or anyone acting on the defendant’s behalf, including employees, agents, third-party contractors, and sub-contractors) will receive a portion of the $2.5 million settlement. The settlement amount also provides for up to $625,700 in attorneys’ fees, nearly $12,600 for costs, and $125,000 for the settlement administrator. The class representative will be given a $5,000 service award. Additionally, the defendants and dealerships are required to “adopt policies and procedures regarding compliance with the TCPA and the National Do Not Call Registry.”
District Court gives final approval in TCPA class action settlement
On June 24, the U.S. District Court for the Eastern District of New York granted final approval of a $38.5 million settlement in a class action against a national gas service company and other gas companies (collectively, defendants) for allegedly violating the TCPA in connection with calls made to cell phones. As previously covered by InfoBytes, the plaintiff’s memorandum of law requested preliminary approval of the class action settlement. The settlement establishes a settlement class of all U.S. residents who “from March 9, 2011 until October 29, 2021, received a telephone call on a cellular telephone using a prerecorded message or artificial voice” regarding several topics including: (i) the payment or status of bills; (ii) an “important matter” regarding current or past bills and other related issues; and (iii) a disconnect notice concerning a current or past utility account. Under the terms of the settlement, the defendants will provide monetary relief to claiming class members in an estimated amount between $50 and $150. The settlement will additionally require the companies to implement new training programs and procedures to prevent any future TCPA violations. The settlement permits counsel for the proposed class to seek up to 33 percent of the settlement fund to cover attorney fees and expenses.
District Court grants summary judgment for debt collector over dunning emails
On June 23, the U.S. District Court for the Northern District of Illinois granted a defendant’s motion for summary judgment, ruling that dunning emails sent to collect unpaid credit card debt did not violate the FDCPA. The plaintiff received an email from the defendant stating that it was attempting to collect the debt on behalf of the creditor, and that due to the age of her debt, the creditor could not sue her for it. While the email stated that “making a payment on a time-barred debt has the potential to restart the statute of limitations for suit on the debt,” it went on to say that it was the creditor’s policy “never to file suit on a debt after the original statute of limitations has expired” and that it never sells such debt. A few days later, the defendant sent the plaintiff an email attempting to collect a separate debt owed to a different creditor. The plaintiff’s attorney sent a letter informing the defendant that she represented plaintiff and requested that plaintiff not be contacted again. After the plaintiff received a third email from the defendant, she sued alleging the defendant violated Section 1692e by urging her to pay a debt without disclosing that the defendant could not sue or report the debt. She further alleged that the defendant violated the FDCPA by continuing to send communications even after the defendant knew she was represented by an attorney. The plaintiff argued that she suffered an injury—and had standing—because she refrained from making purchases and because the defendant had wasted her time.
The court disagreed, writing that the plaintiff failed to put forth evidence demonstrating some form of financial harm in order to have Article III standing. The court observed that “[o]ne does not suffer a monetary injury by refraining from making a purchase; one still has her money if she refrains from making a purchase. Paying too much for an item constitutes an economic injury but refraining from paying for an item does not. At best, plaintiff’s action might have left her with a feeling of want or desire, but such feelings are not concrete injuries.” Moreover, “[e]ven if plaintiff could be thought to have suffered an injury, her decision to refrain from any particular purchase is not fairly traceable to defendant,” the court wrote. And though the court found standing on her claim related to defendant’s continued contact, the court held that “Section 1692c(a)(2) applies only where the debt collector knows the consumer is represented by an attorney with respect to the specific debt being collected.” The defendant needed to be informed that the attorney was representing the plaintiff on both creditors’ debts for the third email to be a violation of the FDCPA, the court concluded.