InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court denies FTC’s stay bid in $550 million suit
On February 7, the U.S. District Court for the Northern District of Georgia denied the FTC’s motion to stay, or in the alternative, voluntarily dismiss its $550 million consumer deception case against a technology company and its CEO (collectively, “defendants”). The FTC filed the motion to stay (or voluntarily dismiss) after a recent U.S. Supreme Court decision altered the agency’s ability to obtain equitable monetary relief.
The FTC filed a suit in 2019 alleging the defendants made deceptive representations to customers and charged hidden, unauthorized fees in connection with the company’s “fuel card” products, which was in violation of Section 5 of the FTC Act. In 2019, when the agency filed its lawsuit, legal precedent held that the FTC could obtain restitution for consumers directly through such civil proceedings in federal court. However, in April of 2021, the Supreme Court held in AMG Capital Management, LLC v. FTC, that the FTC does not have statutory authority to obtain equitable monetary relief under Section 13(b) of the FTC Act. (Covered by InfoBytes here.)
As a result, the FTC filed its motion to stay or voluntarily dismiss in an attempt to preserve the possibility of obtaining monetary relief for injured consumers in federal court, while it pursues claims against the defendants through the agency’s administrative process. The defendants argued they would be harmed by a dismissal of the FTC’s suit in federal court since the defendants have spent money and resources on their case to date. The defendants also claimed that the FTC’s request was done to seek a more favorable forum, and that the FTC’s four-month delay in pursuing this new course after the Supreme Court’s AMG decision demonstrates bad faith. The court noted that “[i]n filing this lawsuit in federal court in December of 2019, the FTC was acting in reliance on the state of the law as it existed at that time in this circuit and all others except the Seventh Circuit,” and “[t]here is no fault, and nothing unreasonable, in the FTC’s decision.” Nevertheless, in denying the FTC’s motion, the court concluded that the “balance of equities does not weigh in favor of a stay or dismissal without prejudice.”
District Court grants MSJ to creditor in FCRA case
On February 4, the U.S. District Court for the Middle District of Florida granted a defendant creditor’s motion for judgment on the pleadings in a case alleging FCRA violations. The plaintiff alleged that the payment status for a tradeline appearing on her credit report incorrectly showed it as “90 days past due” despite the account being paid and closed. She filed suit against the defendant and two consumer reporting agencies (CRAs) claiming the information furnished by the defendant to the CRAs was inaccurate and that the CRAs prepared and issued credit reports containing “inaccurate and misleading information.” Under the FCRA, entities that furnish information to CRAs are required to ensure the accuracy of the information. If an entity receives a notice of dispute from a consumer it is required to conduct an investigation and report the results to the CRAs—actions, the plaintiff claimed, the defendant failed to do. She further contended that the “pay status” field—which she claimed “is ‘specifically designed to be understood as the current status of the account’”—was causing her credit score to be lower than if it was marked as closed. However, upon review, the court determined that when objectively viewing the plaintiff’s credit reports in their entirety, it is apparent that the account is accurate and not misleading. According to the court, “the only reasonable reading of the [disputed] account is that the account was past due in September 2020, at which time the account was updated one last time and closed—zeroing out the balance. It does not indicate, as [the plaintiff] argues, that she is currently 60 days (or 90 days) past due.” Moreover, no reasonable creditor would look at the report and be misled into believing that the plaintiff had a present pending amount due, the court added.
District Court rules transmitting debtor information to third-party violates FDCPA
On February 2, the U.S. District Court for the Eastern District of Pennsylvania denied a defendant’s motion for judgment on the pleadings, ruling that transmitting a debtor’s personal information to a third-party mail vendor for the purposes of sending a debt collection letter constitutes a communication “in connection with the collection of any debt” under the FDCPA. As previously covered by InfoBytes, in Hunstein v. Preferred Collection & Management Services, the U.S. Court of Appeals for the Eleventh Circuit held that transmitting a consumer’s private data to a commercial mail vendor to generate debt collection letters violates Section 1692c(b) of the FDCPA because it is considered transmitting a consumer’s private data “in connection with the collection of any debt.” The district court found this reasoning “persuasive,” ruling that the plain text of the statute encompasses communications with a third party mail vendor. The district court also rejected the defendant’s arguments that the CFPB and FTC had tacitly endorsed third-party mailers by not pursuing enforcement actions against them: “[B]ecause the agencies tasked with regulating and enforcing the FDCPA have not addressed the use of letter vendors by debt collectors in any legally significant way, and because the statutory language is not subject to a different reading, the Court will afford no deference to the indeterminate actions of the CFPB and FTC.”
Illinois Supreme Court rules Workers’ Compensation Act does not bar BIPA privacy claims
On February 3, the Illinois Supreme Court unanimously ruled that the Illinois Workers’ Compensation Act (Compensation Act) does not bar claims for statutory damages under the state’s Biometric Information Privacy Act (BIPA). According to the opinion, the plaintiff sued the defendant and several other long-term care facilities in 2017 for violations of BIPA, alleging their timekeeping systems scanned her fingerprints without first notifying her and seeking her consent. The defendant countered that the Compensation Act preempted the plaintiff’s claims, but in 2020 the Illinois Appellate Court, First District, held that it failed to see how the plaintiff’s claim for liquidated damages under BIPA “fits within the purview of the Compensation Act, which is a remedial statute designed to provide financial protection for workers that have sustained an actual injury.” As such, the appellate panel concluded that the Compensation Act’s exclusivity provisions “do not bar a claim for statutory, liquidated damages, where an employer is alleged to have violated an employee’s statutory privacy rights under the Privacy Act, as such a claim is simply not compensable under the Compensation Act.”
In affirming the appellate panel’s decision, the Illinois Supreme Court agreed that the “personal and societal injuries caused by violating [BIPA’s] prophylactic requirements are different in nature and scope from the physical and psychological work injuries that are compensable under the Compensation Act. [BIPA] involves prophylactic measures to prevent compromise of an individual’s biometrics.” Additionally, the Illinois Supreme Court held that the plain language of BIPA supports a conclusion that the state legislature did not intend for it to be preempted by the Compensation Act’s exclusivity provisions. Noting that it is aware of the consequences the legislature intended as a result of BIPA violations, the Illinois Supreme Court wrote that the “General Assembly has tried to head off such problems before they occur by imposing safeguards to ensure that the individuals’ privacy rights in their biometric identifiers and biometric information are properly protected before they can be compromised and by subjecting private entities who fail to follow the statute’s requirements to substantial potential liability . . . whether or not actual damages, beyond violation of the law’s provisions, can be shown.” Moreover, if a “different balance should be struck under [BIPA] given the category of injury,” that is “a question more appropriately addressed to the legislature.”
D.C. reaches nearly $4 million settlement with online lender to resolve usury allegations
On February 8, the District of Columbia attorney general announced a nearly $4 million settlement with an online lender to resolve allegations that lender marketed high-costs loans carrying interest rates exceeding D.C.’s interest rate cap. As previously covered by InfoBytes, the AG filed a complaint in 2020, claiming the lender violated the District of Columbia Consumer Protection Procedures Act (CPPA) by offering two loan products to D.C. residents carrying annual percentage rates (APR) ranging between 99-149 percent and 129-251 percent. Interest rates in D.C., however, are capped at 24 percent for loans with the rate expressed in the contract (loans that do not state an express interest rate in the contract are capped at six percent), and licensed money lenders that exceed these limits are in violation of the CPPA. According to the AG, the lender—who allegedly never possessed a money lending license in D.C.—violated the CPPA by (i) unlawfully misrepresenting it was allowed to offer loans in D.C. and failing to disclose or adequately disclose that its loans contain APRs in excess of D.C. usury limits; (ii) engaging in unfair and unconscionable practices through misleading marketing efforts; and (iii) violating D.C. usury laws.
Under the terms of the settlement, the company is required to (i) pay at least $3.3 million in restitution to refund alleged interest overcharges to D.C. borrowers; (ii) provide more than $300,000 in debt forgiveness to D.C. borrowers who would have paid future interest amounts in connection with an outstanding loan balance; and (iii) pay $450,000 to the District. According to the announcement, the company has also agreed that it “will not on its own, or working with third parties such as out of state banks, engage in any act or practice that violates the CPPA in its offer, servicing, advertisement, or provision of loans or lines of credit to District consumers.” The company is also prohibited from charging usurious interest rates, must delete negative credit information associated with its loans and lines of credit, and may not represent that it can offer loans or lines of credit in D.C. without first obtaining a D.C. money lender license.
District Court orders debt-relief company to pay $41.1 million CMP
On February 7, the U.S. District Court for the Northern District of Illinois entered a default judgment and order against a debt-relief company (default defendant) accused of allegedly violating the Telemarketing Sales Rule (TSR) and the Consumer Financial Protection Act. As previously covered by InfoBytes, the Bureau filed the complaint in 2020 alleging that the company and its two owners (collectively, “defendants”) misrepresented material aspects of their student loan debt-relief services, and violated the TSR by requesting and receiving payment of disproportionate fees for their services before they altered or resolved the terms of the debts. The judgment against the default defendant imposes both permanent injunctive relief and monetary remedies including a $41.1 million civil monetary penalty. The default defendant must also pay $2.1 million in consumer restitution and is permanently enjoined from participating in the financial-advisory, debt-relief, or credit-repair service markets in any way, including through marketing or ownership of such services.
Judgments reached in SEC’s first crowdfunding regulation enforcement action
On January 28, the U.S. District Court for the Eastern District of Michigan issued judgments (see here and here) against a real estate company and its CEO in the SEC’s first crowdfunding regulation enforcement action. As previously covered by InfoBytes, the SEC filed a complaint last September alleging that several entities and related individuals participated in a fraudulent scheme to sell nearly $2 million of unregistered securities through two crowdfunding offerings. The complaint alleged that two of the entities issued securities without registering with the SEC, while their principals diverted investor funds for personal use rather than using the funds for the disclosed purposes. Without admitting or denying the SEC’s allegations, the real estate company and the CEO consented to be permanently enjoined from violating certain securities laws. The CEO also agreed to a prohibition on “acting as an officer or director of any issuer that has a class of securities registered pursuant to Section 12 of the Exchange Act [15 U.S.C. § 78l] or that is required to file reports pursuant to Section 15(d) of the Exchange Act [15 U.S.C. § 78o(d)].” The judgments decreed that, upon motion of the SEC, the court will decide whether disgorgement and/or civil money penalties are appropriate.
District Court partially grants summary judgment to defendants in FCA case
On February 1, the U.S. District Court for the Eastern District of California denied a relator’s (plaintiff’s) motion for summary judgment on an allegation of promissory fraud in violation of the False Claims Act (FCA) in a case against a rocket manufacturer and its subsidy (defendants). The court similarly denied the defendants’ cross-motion for summary judgment on the promissory fraud violation, but granted the defendants’ motion for summary judgment with respect to allegations of false certification in violation of the FCA. According to the opinion, the plaintiff, who was briefly employed by defendants as the senior director for Cyber Security, Compliance, and Controls, alleged that the defendants fraudulently induced the government to contract with the defendants in 18 contracts, while knowingly out of compliance with Defense Federal Acquisition Regulation 48 C.F.R. § 252.204– 7012 and NASA Federal Acquisition Regulation 48 C.F.R. § 1852.204-76, which impose cybersecurity and confidentiality requirements applicable to persons who receive government contracts. The court noted that plaintiff’s claims were based in part on allegations that defendants failed to disclose data breaches when required to do so. Conversely, defendants argued that they had disclosed their non-compliance with the identified regulations to the DoD and to NASA on multiple occasions and had been working with the government to obtain a waiver. In light of this, the court denied summary judgment on the promissory fraud violation, holding that “[a] genuine dispute of material fact exists as to the sufficiency of the disclosures[.]” The court also decreased the number of contracts the court will assess from 18 to 7, holding that the court will only rule on allegations that pertain to events before the case was filed in 2015. Similarly, the court granted defendants’ motion for summary judgment with respect to allegations of false certification on the grounds that “relator’s claim for false certification is based solely on an invoice payment under a NASA contract that was entered into after relator brought this action and is therefore not a proper basis for his false certification claim.”
District Court grants summary judgment in favor of debt collector
On January 31, the U.S. District Court for the Middle District of Florida granted summary judgment in favor of a defendant debt collector concerning alleged violations of the FDCPA. The plaintiff alleged that she received six phone calls from the defendant, starting in May of 2020, seeking to collect debt owed by the plaintiff’s granddaughter. The plaintiff allegedly explained to the defendant during the first call that she did not live with her granddaughter and that the defendant would not be able to reach the granddaughter through that number. She also allegedly requested the defendant stop calling. On June 27, 2020 the plaintiff filed suit alleging violations of Sections 1692d, 1692c(a)(1), and 1692e of the FDCPA and the Florida Consumer Collections Practices Act (FCCPA). The court dismissed the state law claim, as well as the plaintiff’s Section 1692d claim, after determining that “neither the volume and frequency nor the content of the calls constituted abusive or harassing conduct under the FDCPA or FCCPA.”
After reviewing the remainder of the FDCPA claims, the court ruled that the plaintiff’s Section 1692c(a)(1) claim failed because the protections afforded by Section 1692c(a)(1) are applicable only to a “consumer” meaning “any natural person obligated or allegedly obligated to pay any debt.” The court explained that because the plaintiff “did not owe the subject debt” the defendant was “entitled to judgment as a matter of law on” the Section 1692c(a)(1) claim. Additionally, the court determined that the plaintiff failed to show evidence that the defendant violated Section 1692e by making false, deceptive, or misleading representations when attempting to collect on the debt, because “[a] reasonable jury could not conclude from this record that the least sophisticated consumer would have been misled to believe that the purpose of the phone calls was to attempt to collect a debt from [the plaintiff].”
District Court approves class settlement in data breach
On January 28, the U.S. District Court for the Northern District of California granted a plaintiffs’ motion for final approval in a class action settlement alleging an online support services provider (defendant) failed to adequately secure and safeguard the payment card data and other personally identifiable information that it collected while customers shopped and interacted with customer service websites. According to the order, four companies contracted with the defendant to provide sales software, customer service software, and voice and chat agent services for sales support for online shoppers. However, according to the plaintiff class, the defendant was allegedly negligent in securing customers’ data, which permitted hackers to access their names, addresses, and credit card information, in violation of California’s Unfair Competition Law and Illinois' Consumer Fraud and Deceptive Business Practices Act. The plaintiff class also alleged that the defendant did not disclose the breach for a period of approximately six months after the breach was detected and fixed in October 2017. Under the terms of the settlement, class members are eligible to receive reimbursement from the defendant of up to $2,000 if documentation is provided to prove they incurred out-of-pocket expenses resulting from the intrusion, which includes unreimbursed bank fees, long distance calling charges and costs of credit reports or fraud reimbursement services purchased in the wake of the breach. Additionally, class members who assert that they spent three hours or less dealing with the breach can also separately receive compensation at a rate of $20 per hour for that lost time, and may claim an additional two hours of lost time “if they can provide adequate documentation of those additional two hours spent dealing with the [d]ata [i]ncident,” according to the order. The court also awarded class counsel $450,000 in attorney fees and litigation costs and expenses and $2,000 service awards to each of the three lead plaintiffs.