Skip to main content
Menu Icon Menu Icon

InfoBytes Blog

Financial Services Law Insights and Observations


Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • District Court grants preliminary approval in BIPA settlement


    On November 4, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement resolving claims that a plasma donation center (defendant) unlawfully collected and stored the fingerprints of blood plasma donors. According to the memorandum of law in support of the plaintiff’s motion for preliminary approval, the plaintiff filed the proposed class action in 2019, alleging the defendant violated the Illinois Biometric Information Privacy Act (BIPA) by collecting thousands of fingerprints through a finger-scanning donor identification system without providing proper disclosures or obtaining informed written consent. The plaintiff further alleged that the defendant required her (and thousands of Illinois blood plasma donors) to provide a fingerprint to donate plasma, which was later used for identification on subsequent visits. The plaintiff alleged that by not requiring her informed consent and by disclosing her information to a third party, the defendant’s practice violated BIPA. According to the plaintiff’s motion, the settlement (if approved) would establish a settlement class of 76,826 Illinois blood plasma donors who were required to scan their finger at the defendant’s Illinois facilities prior to donating plasma. The settlement would provide payouts of approximately $400 to $800 per class member, assuming a claims rate of 10 percent to 20 percent, and permit class counsel to file for up to 35 percent of the settlement fund for attorney fees.

    Courts Class Action BIPA State Issues Illinois Privacy/Cyber Risk & Data Security Settlement

    Share page with AddThis
  • CFPB resolves UDAAP allegations with debt collection company


    On November 1, the U.S. District Court for the Western District of Missouri ordered a Missouri-based company to pay a $30,000 civil money penalty to resolve allegations that it used district-attorney letterhead to threaten consumers with criminal prosecution. As previously covered by InfoBytes, the CFPB filed a complaint against the company claiming it allegedly engaged in deceptive and otherwise unlawful debt collection acts and practices in the course of operating “bad-check pretrial-diversion programs on behalf of more than 90 district attorneys’ offices throughout the United States.” The complaint claimed that the company not only failed to include required FDCPA disclosures in the letters it sent to consumers, it also failed to identify itself in the letters and did not inform consumers that it was a debt collector and not a district attorney. Moreover, in most cases the company did not refer cases for prosecution, even if the check writer failed to respond to the collection letter, did not pay the alleged outstanding debt and fees, or failed to complete the financial-education course. Under the terms of the settlement, the company is, among other things, permanently banned from engaging in debt collection activities and is prohibited from disclosing, using, or benefiting from customer information obtained before the order’s effective date in connection with a Pre-Trial Bad Check Diversion Program. Additionally, the company may not “attempt to collect, sell, assign, or otherwise transfer any right to collect payment from any consumer who purchased or agreed to purchase services or products in connection” with the company’s program. The company is ordered to pay more than $1.4 million in redress to harmed consumers; however, full payment of this amount is suspended upon satisfaction of certain obligations due to the company’s financial condition. The $30,000 penalty also reflects the company’s limited ability to pay.

    Courts CFPB Enforcement Settlement Debt Collection FDCPA CFPA UDAAP Deceptive

    Share page with AddThis
  • District Court preliminarily approves $85 million class action privacy settlement


    On October 21, the U.S. District Court for the Northern District of California preliminarily approved an $85 million class action settlement to resolve privacy and data security allegations against a video conferencing provider. Class members claimed the company violated several California laws, including invasion of privacy, the “unlawful” and “unfair” prongs under the Unfair Competition Law, implied covenant of good faith and fair dealing, and unjust enrichment, among others. According to class members, the company unlawfully shared their personal data with unauthorized third parties, failed to prevent unwanted and unauthorized meeting disruptions, and misrepresented the strength of its end-to-end encryption measures. The court’s preliminary approval certified a nationwide settlement class of individuals who, between March 30, 2016 and the settlement date, “registered, used, opened or downloaded the [company’s] [m]eetings [a]pplication.” Under the terms of the preliminarily approved settlement, the company will establish an $85 million non-reversionary cash fund to pay valid claims, and will make several major changes to its practices to “improve meeting security, bolster privacy disclosures, and safeguard consumer data.” Among other things, the company will “provide in-meeting notifications to make it easier for users to understand who can see, save and share [their] information and content by alerting users when a meeting host or another participant uses a third-party application during a meeting.” Additionally, the company must educate users about available security features, and ensure its privacy statement discloses the ability of users to share user data with third parties through integrated third-party software, record meetings, and/or transcribe meetings.   

    Courts Privacy/Cyber Risk & Data Security Settlement Class Action State Issues

    Share page with AddThis
  • District Court approves non-party settlement in student debt-relief action


    On October 20, the U.S. District Court for the Central District of California approved a settlement with two non-parties in an action brought by the CFPB, the Minnesota and North Carolina attorneys general, and the Los Angeles City Attorney, alleging a student loan debt relief operation deceived thousands of student-loan borrowers and charged more than $71 million in unlawful advance fees. As previously covered by InfoBytes, the complaint asserted that the defendants violated the CFPA, the Telemarketing Sales Rule, and various state laws. Amended complaints (see here and here) also added new defendants and included claims for avoidance of fraudulent transfers under the FDCPA and California’s Uniform Voidable Transactions Act, among other things. A stipulated final judgment and order was entered against the named defendant in July (covered by InfoBytes here), which required the payment of more than $35 million in redress to affected consumers, a $1 civil money penalty to the Bureau, and $5,000 in civil money penalties to each of the three states. The court also previously entered final judgments against several of the defendants, as well as a default judgment and order against two other defendants (covered by InfoBytes hereherehere, and here). The most recent settlement resolves a dispute between a court-appointed receiver and the two non-parties. The settlement requires the non-parties to pay $675,000 to the receiver.

    Courts CFPB Enforcement State Attorney General State Issues CFPA UDAAP Telemarketing Sales Rule FDCPA Student Lending Debt Relief Consumer Finance Settlement

    Share page with AddThis
  • Meal-kit delivery service reaches $14 million TCPA class action settlement


    On October 15, the U.S. District Court for the District of Massachusetts granted final approval to a $14 million TCPA class action settlement, resolving allegations that a meal-kit delivery service (or its vendor) placed telemarketing calls to customers’ phone numbers. Class members consist of customers who (i) received one or more calls placed using a dialing platform; (ii) received at least two telemarketing calls during any 12-month time period where their phone numbers were on the National Do Not Call Registry for at least 31 days before the call was placed; and/or (iii) received one or more calls after registering their phone numbers with the company’s internal do-not-call list. As part of the $14 million settlement, class counsel will receive more than $3.4 million in attorneys’ fees and costs and the settlement administrator will receive $450,000. Two named plaintiffs will receive service payments of $10,000 each, while another seven named plaintiffs will each receive service payments ranging from $2,000 to $5,000.

    Courts Class Action TCPA Telemarketing Settlement

    Share page with AddThis
  • District Court grants final approval in BIPA settlement


    On October 13, the U.S. District Court for the Northern District of Illinois granted final approval to a $2.6 million class action settlement between a sports entertainment chain (defendant) and a class of former employees, resolving allegations that the defendant was responsible for improperly collecting and storing employees’ data in violation of Illinois’ Biometric Information Privacy Act (BIPA). According to the final settlement (which was preliminarily approved in June by the court), plaintiffs alleged that the defendant violated BIPA by collecting and disclosing Illinois employees’ biometric data through a finger-scan timekeeping system without following BIPA’s written disclosure and consent requirements. The gross settlement fund is approximately $2.6 million, with $22,000 awarded to the settlement administrator, approximately $865,000 allocated for attorney fees, and nearly $35,000 designated for litigation costs.

    Courts Class Action BIPA Privacy/Cyber Risk & Data Security Settlement State Issues

    Share page with AddThis
  • District Court approves $92 million class action settlement over privacy violations


    On September 30, the U.S. District Court for the Northern District of Illinois granted preliminary approval of a class action settlement, resolving claims that a China-based technology company and its subsidiaries (collectively, “defendants”) violated Illinois’ Biometric Information Privacy Act (BIPA), among other things, by defying state and federal privacy laws through a social media platform and entertainment application (app). The first of the 21 putative class actions comprising this multidistrict litigation were filed in 2019, and the other 20 putative class actions were filed in 2020 in separate federal districts. Class members, comprised of U.S. residents who used the app prior to preliminary approval, and an Illinois subclass of all Illinois residents who used the app to create videos before preliminary approval, filed a consolidated amended class action complaint in 2020, claiming that the defendants harvested and profited from users’ private information, including their biometric data, geolocation information, personally identifiable information, and unpublished digital recordings. The defendants argued, among other things, that the class members consented to the alleged misconduct by accepting the app’s terms of service.

    Under the terms of the preliminarily approved settlement, the defendants must pay “$92 million in monetary relief and an array of injunctive relief for the putative settlement class.” The settlement also requires the defendants to, among other things: (i) refrain from using the app to collect or store certain U.S. user data, including biometric data and geolocation information, without making the necessary disclosures; (ii) delete all pre-uploaded user-generated content collected from U.S. users who did not “save” or “post” the content; and (iii) require a new, yearly training program for the defendants’ employees and contractors regarding compliance with data privacy laws.

    Courts Illinois State Issues Privacy/Cyber Risk & Data Security Class Action BIPA MDL Settlement

    Share page with AddThis
  • Auto-financer settles with DOJ on SCRA allegations

    Federal Issues

    On September 29, the DOJ announced a settlement with a California-based auto-financing company resolving allegations that the company failed to refund up-front lease payments to servicemembers who lawfully terminated their motor vehicle leases early, in violation of the Servicemembers Civil Relief Act (SCRA). According to the press release, the SCRA “permits servicemembers to terminate motor vehicle leases early without penalty after entering military service or receiving qualifying military orders for a permanent change of station or to deploy.” When servicemembers end their motor vehicle leases early under the SCRA, the lessor must refund all lease payments made in advance under the SCRA. The settlement, filed by the DOJ in the U.S. District Court for the Central District of California, alleged that the company provided cash refunds for capitalized cost reduction (CCR) by servicemembers, but failed “to refund, on a pro rata basis, lease amounts—in the form of [CCR] from vehicle trade-in value—paid in advance by servicemembers who lawfully terminated their motor vehicle leases upon receipt of qualifying military orders.”

    Among other things, the settlement requires the company to compensate 714 servicemembers, pay $64,715 to the U.S. Treasury, adopt new policies, and implement new training requirements consistent with the SCRA. The settlement also notes that the company fully cooperated with the investigation.

    Federal Issues DOJ Enforcement Settlement SCRA Auto Finance

    Share page with AddThis
  • OFAC reaches multiple settlements with companies that exported goods to Russia and Sudan

    Financial Crimes

    On September 27, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $1.4 million settlement with a Texas-based supplier of goods and services for the oil and gas industries (a subsidiary of a Netherlands corporation) for allegedly approving contracts that allowed a foreign subsidiary to supply goods to a Russian energy firm blocked under Directive 4 of Executive Order (E.O.) 13662, “Blocking Property of Additional Persons Contributing to the Situation in Ukraine,” as implemented by the Ukraine-Related Sanctions Regulations. According to OFAC’s web notice, between July 2015 and November 2016, U.S.-senior managers at the company approved five contracts for its foreign subsidiary to supply oil and exploration goods to the blocked energy firm, thus constituting a “prohibited provision of services involving a person determined to be subject to Directive 4 ([the blocked energy firm]), its property, or its interests in property.”

    In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that (i) U.S. senior managers knew that their approvals were for contracts to supply goods to a blocked entity; (ii) the company “acted directly contrary to U.S. foreign policy objectives by approving the sale of oil production or exploration equipment to an entity subject to the restrictions of Directive 4”; and (iii) the company should have recognized the risk involved when the contracts were approved.

    OFAC also considered various mitigating factors, including, among other things, that the company took meaningful corrective actions upon discovering the alleged violations to ensure sanctions compliance, and cooperated with OFAC’s investigation and entered into tolling agreements.

    OFAC separately reached a $160,000 settlement with a subsidiary of a subsidiary of the same Netherlands corporation for its apparent violation of OFAC’s now-repealed Sudanese Sanctions Regulations. According to OFAC’s web notice, three of the subsidiary’s U.S. employees allegedly facilitated the sale and shipment of oilfield equipment intended for delivery to Sudan, which was, at the time of the transaction, an apparent violation.   

    Financial Crimes OFAC Department of Treasury Of Interest to Non-US Persons OFAC Sanctions Enforcement Settlement Russia Sudan

    Share page with AddThis
  • OFAC reaches settlement with Texas technology company

    Financial Crimes

    On September 9, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) announced a roughly $190,000 settlement with a Texas-based company for allegedly knowingly exporting goods, technology, and services in violation of the Iranian Transactions and Sanctions Regulations. According to OFAC’s web notice, between December 2013 and May 2018, the company exported 49 products from the U.S. to two third-country distributors with prior knowledge, or reason to know, that its products were intended specifically for a reseller in Iran. The Iranian reseller then sold three of the exported products to an entity on OFAC’s SDN List, at the time of the relevant exports. On at least three occasions, the company also allegedly provided support, software updates, reseller training, or other services in support of sales to customers located in Iran.

    In arriving at the settlement amount, OFAC considered various aggravating factors, including, among other things, that the company: (i) demonstrated reckless disregard for U.S. sanctions regulations by authorizing distribution and support of its goods; (ii) possessed knowledge of the conduct; and (iii) “caused harm to U.S. sanctions objectives by facilitating access to the bank’s products and support services by resellers and users in Iran.”

    OFAC also considered various mitigating factors, including, among other things, that the: (i) “volume and total amount of payments underlying the Apparent Violations was not significant compared to [the company’s] overall revenue”; (ii) the company demonstrated remedial actions, including establishing export controls and sanctions compliance policies and procedures; and (iii) the company cooperated with OFAC’s investigation.

    Financial Crimes OFAC Of Interest to Non-US Persons Department of Treasury Settlement OFAC Sanctions Enforcement OFAC Designations Iran

    Share page with AddThis