Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On April 24, the FTC announced separate settlements with the operators of an online rewards website and a dress-up games website to resolve allegations concerning poorly implemented data security measures and Children’s Online Privacy Protection Act (COPPA) violations. According to the FTC, the online rewards website operator collected personal information (PII) from users who participated in their online offerings and made promises that their account information was secure. However, the operator allegedly failed to implement data security measures or utilize encryption techniques, which granted hackers access to the network. In addition, the operator allegedly maintained PII in clear unencrypted text. As a result of the breach, hackers published and offered for sale PII for approximately 2.7 million consumers. Under the terms of the decision and order, the operator is, among other things, prohibited from misrepresenting the measures taken to protect consumers’ PII and is required to implement a comprehensive information security program for future collections of PII.
On the same day, the FTC reached a proposed settlement with a dress-up games website and its operators, who allegedly violated COPPA by failing to obtain parental consent before collecting personal information from children under 13 or provide reasonable and appropriate security for the collected data. According to the FTC, data security failures allowed hackers access to the company’s network, which stored information for roughly 245,000 users under age 13. As part of the proposed settlement filed in the U.S. District Court for the Northern District of California, the company and operators, among other things, (i) have agreed to pay $35,000 in civil penalties; (ii) will change their business practices to comply with COPPA; and (iii) are prohibited from selling, sharing, or collecting personal information until a comprehensive data security program is implemented and undergoes independent biennial assessments.
FTC obtains $2.7 million judgment against “free samples” operation; settles deceptive marketing matter
On April 11, the FTC announced that the U.S. District Court for the Northern District of Illinois ordered a New York-based office supply operation to pay $2.7 million to resolve allegations that the defendants targeted consumers, such as small businesses, hotels, municipalities, and charitable organizations, by deceptively misrepresenting the terms of their “free samples.” Specifically, the FTC alleged in 2017 that the defendants violated the Telemarketing and Consumer Fraud and Abuse Prevention Act (Telemarketing Act) and the Unordered Merchandise Statute by calling consumers with offers of free product and then billing the consumers after shipping the samples. In some instances, the FTC stated, consumers refused the offer of the free product, but the defendants sent it anyway. Once the samples were shipped, the FTC claimed the defendants sent follow-up invoices demanding payment for the product, and would then send dunning notices and place collection calls. Under the terms of the order, the defendants are permanently banned from advertising, marketing, promoting, offering for sale, or selling any type of unordered merchandise, or from misrepresenting material facts, and are required to pay $2.7 million to be refunded to affected consumers.
Separately, on April 10, the FTC announced proposed settlements (see here and here) issued against twelve corporate and four individual defendants for allegedly claiming their “cognitive improvement” supplements increase brain power and performance. According to the complaint, the defendants’ deceptive acts and practices included using “sham news” websites to market false and misleading efficacy claims, such as fraudulent celebrity endorsements and fictitious clinical studies. Furthermore, the FTC alleged that, while the defendants claimed to offer a “100% Money Back Guarantee” on their supplements, consumers found it difficult or nearly impossible to get a refund, and that some consumers were allegedly charged for supplements they ordered but never received. The proposed settlements, among other things, prohibits the specified behavior and impose monetary judgments of $14,564,891 and $11,587,117, both of which will be partially suspended due to the defendants’ inability to pay.
On April 11, the FTC announced that a payment processing company and its owner agreed to a $1.8 million settlement resolving allegations that the company repeatedly violated a 2009 court order. That order found that the payment processer knowingly or consciously avoided knowing that debit card transactions it processed, on behalf of an allegedly fraudulent enterprise, were not authorized by the consumers. The FTC alleged that the company violated the 2009 order by, among other things, (i) failing to engage in a reasonable investigation of prospective clients before processing payments on their behalf; (ii) failing to monitor clients’ transactions to ensure that clients were not engaged in illegal behavior; and (iii) failing to adhere to administrative requirements of the order, including submitting a written compliance report to the agency. In addition to the monetary penalty, the new settlement permanently bans the company from working as a payment processor and subjects the company to reporting and recordkeeping requirements.
On April 3, the FTC announced that the U.S. District Court for the District of Nevada ordered a publisher and conference organizer and his three companies (defendants) to pay more than $50.1 million to resolve allegations that the defendants made deceptive claims about the nature of their scientific conferences and online journals, and failed to adequately disclose publication fees in violation of the FTC Act. Among other things, the FTC alleged, and the court agreed, that the defendants misrepresented that their online academic journals underwent rigorous peer reviews but defendants did not conduct or follow the scholarly journal industry’s standard review practices and often provided no edits to submitted materials. The court determined that the defendants also failed to disclose material fees for publishing authors work when soliciting authors and often did not disclose fees until the work had been accepted for publication. The court also found that the defendants falsely advertised the attendance and participation of various prominent academics and researchers at conferences without their permission or actual affiliation.
In addition to the monetary judgment, the final order grants injunctive relief and (i) prohibits the defendants from making misrepresentations regarding their publications and conferences; (ii) requires that the defendants clearly and conspicuously disclose all costs associated with publication in their journals; and (iii) requires the defendants to obtain express written consent from any individual the defendants represent as affiliated with their products or services.
On the same day, the FTC also announced a settlement with a subscription box snack service to resolve allegations that the company violated the FTC Act by misrepresenting customer reviews as independent and failing to adequately disclose key terms of its “free trial” programs. Specifically, the FTC alleged that the company provided customers with free products and other incentives in exchange for posting positive online reviews and misrepresented that independent customers made the reviews or posts. The company also allegedly offered “free trial” snack boxes without adequately disclosing key terms of the offer, including the stipulation that if the trial was not canceled on time, the customer would be automatically enrolled as a subscriber and charged the “total amount owed for six months of snack box shipments.” The proposed order, among other things, prohibits the specified behavior and requires the company to pay $100,000 in consumer redress.
On April 2, the FTC announced that it joined the Food and Drug Administration (FDA) in sending letters to three supplement companies warning them that making allegedly unsupported health and efficacy claims in their advertising may violate the FTC Act. According to the letters (available here, here, and here), the three companies advertise supplements they say contain cannabidiol (commonly known as CBD), and, allegedly, among other things, effectively treat diseases such as cancer, Alzheimer’s disease, fibromyalgia, and neuropsychiatric disorders. The letters emphasize that it is unlawful under the FTC Act “to advertise that a product can prevent, treat, or cure human disease unless you possess competent and reliable scientific evidence, including, when appropriate, well-controlled human clinical studies, substantiating that the claims are true at the time they are made.” The letters also note that the products constitute “new drugs” and cannot be introduced or delivered into interstate commerce without prior FDA approval. The letters appear related to the FTC’s initiative to target advertisers who make deceptive claims about their products. As previously covered by InfoBytes, FTC Chairman, Joseph Simons, spoke about this initiative at a recent conference, and cited several of the agency’s enforcement actions, including challenges to dietary supplement health benefit claims and deceptive environmental claims. Additionally, he stated the agency is prepared to “proceed in federal court as warranted.”
On March 27, the FTC announced it had entered into two stipulated orders for permanent injunction and monetary judgment (see here and here) against an office supply company and its California-based tech-support services vendor (defendants) for allegedly violating the FTC Act by selling computer repair and technical services to consumers who were told the company’s software program had detected malware symptoms on their computers. According to the FTC’s complaint, from approximately 2009 to November 2016, the defendants allegedly used a software program marketed as a “PC Health Check Program”—among other names—to “facilitate the sale of computer repair services to . . . retail customers.” The program, which claimed to detect malware symptoms on consumers’ computers, actually based the results on answers to questions consumers were asked at the beginning of the program, including whether the computer had issues with displayed pop-up ads or other problems, ran slow, received virus warnings, or crashed often. The FTC claimed the scan had no connection to the malware symptoms results and that, since at least 2012, the defendants allegedly knew that the program falsely reported malware symptoms but continued to reward store managers and employees who generated sales from the program until late 2016. The proposed order imposes a combined $35 million monetary judgment, bans the office supply company from making misrepresentations concerning the security or performance of consumers’ electronic devices, and requires the company to ensure that existing and future software providers do not engage in the prohibited conduct. The order also prohibits the vendor from misrepresenting or helping others to misrepresent the performance or detection of security issues on consumers’ electronic devices.
On March 26, the FTC announced settlements issued against four separate operations for allegedly placing billions of illegal robocalls to consumers selling auto warranties, debt-relief services, home security systems, veterans’ charities and Google search results services. The actions are part of the FTC’s ongoing efforts to combat illegal robocalls. According to the FTC, the companies—along with several of their affiliates and leaders—allegedly violated the FTC Act and the Telemarketing Sales Rule (TSR), including its Do Not Call provisions.
Proposed settlements issued against two related operations and their leaders—who, according to the FTC’s complaint, developed and enabled a software dialing platform that resulted in more than one billion robocalls—ban the defendants from engaging in telemarketing activities utilizing an autodialer, and imposes judgements ranging from $1 million to $2.7 million, of which two are fully suspended due to the defendants’ inability to pay. The FTC also reached a final settlement against defendants who allegedly placed robocalls to pitch fake debt-relief services promising lowered credit card interest rates and interest payment savings. The order permanently bans the defendants from engaging in telemarketing and debt-relief services, and imposes a $3.15 million judgment, which will be suspended following the turnover of available assets. Separately, the FTC reached a proposed settlement with a defendant who allegedly used robocalls promoting fake veterans’ charities to solicit donations, which he eventually sold for his own benefit. The proposed order bans the defendant from engaging in telemarketing services or soliciting charitable contributions, prohibits him from making future misrepresentations, and imposes a $541,032 monetary judgment, which will also be suspended following the turnover of available assets. Finally, the FTC announced proposed settlements against three defendants (see here, here, and here) whose Florida-based operations allegedly violated the TSR by falsely claiming to represent Google and making threats and promises to businesses concerning search results and page placements. The terms of the proposed settlements, among other things, ban the defendants from deceptive sales practices, and require the defendants to disclose their identities during telemarketing sales calls. Monetary judgements imposed against the defendants and their companies range from $1.72 million to $3.62 million, and will be partially suspended due to their inability to pay.
On March 20, FTC Chairman Joseph Simons spoke at the 2019 ANA Advertising Law and Public Policy Conference to discuss FTC consumer protection initiatives, including those that target advertisers who make deceptive claims about their products. Simons noted that focusing solely on fraudulent advertising is not sufficient, and that the FTC is committed to investigating deceptive advertising intended to mislead consumers, even if the product or service is legitimate. Simons cited several recent enforcement actions, including challenges to dietary supplement health benefit claims and deceptive environmental claims, and stated the agency is prepared to “proceed in federal court as warranted.” (See InfoBytes coverage here and here.) Simons also commented that the FTC is rethinking its approach to the types of remedies used to enforce consumer protection laws in order to both deter future violations and provide meaningful relief to harmed consumers.
Concerning targeted advertising and its connection to privacy concerns, Simons discussed three relevant “fundamental principles of consumer protection”: companies should (i) be fully transparent about the true nature of their data collection and sharing practices; (ii) focus on consumer outcomes when making business decisions to use consumer data; and (iii) make themselves aware of the practices of companies with whom they do business.
On March 20, the CFPB and the FTC released (here and here) their annual report to Congress on the administration of the FDCPA, which highlights the 2018 efforts of the agencies. The agencies coordinate in enforcement; share supervisory and consumer complaint information; and collaborate on education under a memorandum of understanding that was reauthorized in February. (Covered by InfoBytes here.) In the report, the Bureau acknowledges its intent to release a Notice of Proposed Rulemaking on debt collection covering issues such as “communication practices and consumer disclosures” in spring 2019. In addition to highlighting the Bureau’s debt collection education efforts, the report also states that in 2018 the Bureau (i) received approximately 81,500 debt collection complaints related to first-party and third-party collections; (ii) initiated six public enforcement actions alleging violations of the FDCPA, one resulting in an $800,000 civil money penalty; and (iii) identified one or more violations of the FDCPA through supervisory examinations.
As for the FTC, in addition to education efforts, the report states that in 2018 the agency (i) initiated or resolved seven enforcement actions, three of which were related to phantom debt collection, obtaining more than $58.9 million in judgments; (ii) returned money to thousands of consumers who were targeted by phantom debt collection operations; and (iii) banned 32 companies and individuals from working in the debt collection market.
On March 15, the FTC released its annual report highlighting the agency’s privacy and data security work in 2018. Among other items, the report highlights consumer-related enforcement activities in 2018, including:
- an expanded settlement with a global ride-sharing company over allegations that the company violated the FTC Act by deceiving consumers regarding the company’s privacy and data practices (covered by InfoBytes here).
- a settlement with a global online payments system company to resolve allegations that its payment and social networking service failed to adequately disclose to consumers that transfers to external bank accounts were subject to review and that funds could be frozen or removed based on a review of the underlying transaction (covered by InfoBytes here).
- a settlement with a Texas-based company over allegations that it violated the FCRA by failing to take reasonable steps to ensure the accuracy of tenant-screening information furnished to landlords and property managers (covered by InfoBytes here).
The report also highlighted the FTC’s hearings on big data, privacy, and competition conducted through its Hearings on Competition and Consumer Protection in the 21st Century initiative. (Covered by InfoBytes here and here.)
- Jonice Gray Tucker to discuss "MCCA's blueprint for selling & buying - A pitch workshop for outside counsel" at the Minority Corporate Counsel Association Creating Pathways to Diversity Conference
- Buckley Webcast: Get ready for CCPA
- Daniel P. Stipano to discuss "BSA/AML culture of compliance roundtable" at the FiSCA Annual Conference
- Daniel P. Stipano to discuss "Is there a better way to fight money laundering" at the FiSCA Annual Conference
- Michelle L. Rogers to discuss "What's trending in enforcement" at the Mortgage Bankers Association Annual Convention & Expo
- Kathryn L. Ryan and Moorari K. Shah to discuss "Today's regulatory environment - Are you in the know?" at the Equipment Leasing and Finance Association Annual Convention
- Buckley Webcast: Smoke and mirrors: Navigating the regulatory landscape in banking the marijuana industry
- H Joshua Kotin to discuss "CMS - Components of a successful monitoring program" at the RegList Annual Workshop
- Tim Lange to discuss "Temporary authority to operate - Are you prepared? Hear what the states are doing" at the RegList Annual Workshop
- Sherry-Maria Safchuk to discuss "Cybersecurity" at the RegList Annual Workshop
- Jeffrey P. Naimon to discuss "Hot topics in mortgage origination" at the Conference on Consumer Finance Law Annual Consumer Financial Services Conference
- Jonice Gray Tucker to discuss "Fintech regulatory developments, crypto-assets, blockchain and digital banking, and consumer issues" at the Practising Law Institute Banking Law Institute
- Amanda R. Lawrence to discuss "How to balance a successful (and stressful) career with greater personal well-being" at the American Bar Association Women in Litigation Joint CLE Conference