Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • DOJ Files First Criminal Action on CFPB Referral, CFPB Files Parallel Civil Suit

    Consumer Finance

    On May 7, the U.S. Attorney for the Southern District of New York announced mail and wire fraud charges against a debt settlement firm, its owner, and three of its employees. The government alleges the defendants lied to prospective customers about (i) fees associated with the company’s debt relief products, (ii) the company’s purported affiliation with the federal government and leading credit bureaus, and (iii) the results achieved for its customers. On the same day, the CFPB filed a civil complaint against the same debt relief provider and one other company in which the CFPB alleges the firms violated the FTC’s Telemarketing Sales Rule and the Dodd-Frank Act by charging consumers illegal advance fees for debt-settlement services. The CFPB is seeking to halt the operations, collect civil penalties, and obtain customer redress.

    CFPB FTC Dodd-Frank DOJ

  • FTC Approves Order Settling Data Breach Charges

    Federal Issues

    On May 3, the FTC approved a final order settling charges against a California-based cord blood bank firm alleged to have violated the FTC Act by failing to use reasonable and appropriate procedures for handling customers’ personal information, despite its privacy policy claims to the contrary. Further, the FTC alleged that the firm created unnecessary risks to personal information by transporting portable data storage devices containing personal information in a manner that made the information vulnerable to theft, and failed to prevent, detect and investigate unauthorized access to computer networks. According to the FTC, these practices resulted in a data breach in which certain portable devices were stolen from an employee’s personal vehicle and the personal information of nearly 300,000 customers was compromised. The settlement requires the company to establish a comprehensive information security program and submit to security audits by independent auditors every other year for 20 years, and prohibits the company from misrepresenting the privacy and security of information collected from consumers.

    FTC Privacy/Cyber Risk & Data Security

  • FTC Sharpens Focus on Data Brokers

    Federal Issues

    On May 7, the FTC released letters it sent to 10 data brokers warning that certain of the brokers’ practices could violate FCRA privacy protections. The announcement states that data broker companies that collect, distribute or sell information about consumers’ creditworthiness, eligibility for insurance, or suitability for employment are subject to FCRA, and as such, have an obligation to reasonably verify the identities of their customers and make sure that customers have a legitimate purpose for receiving consumer information. The letters were issued pursuant to an FTC “test-shopping” operation as part of an international privacy practice transparency sweep conducted by the Global Privacy Enforcement Network. The operation and subsequent warnings letters are the latest move by the FTC to address data broker compliance with FCRA. Last year, the FTC ordered certain data brokers to produce information about their collection and use of consumer data and announced at least one settlement with a data broker regarding FCRA compliance. However, the letters do not constitute an official notice that the companies are subject to FCRA or act as formal complaints, but rather “remind” the companies to review their practices to determine whether they are consumer reporting agencies subject to FCRA.

    FTC FCRA Privacy/Cyber Risk & Data Security

  • CFPB, FTC Announce Roundtable on Data Integrity in Debt Collection

    Fintech

    On May 1, the FTC and the CFPB announced a roundtable to “examine the flow of consumer data throughout the debt collection process” and discuss (i) the amount of documentation and other information currently available to different types of collectors and at different points in the debt collection process, (ii) the information needed to verify and substantiate debts, (iii) the costs and benefits of providing consumers with additional disclosures about their debts and debt-related rights, and (iv) information issues relating to pleading and judgment in debt collection litigation. The event will be held on June 6, 2013 in Washington, DC and is open to the public.

    CFPB FTC Debt Collection Data Collection / Aggregation Privacy/Cyber Risk & Data Security

  • FTC Updates COPPA FAQs

    Fintech

    On April 25, the FTC issued updated FAQs on the recently amended Children’s Online Privacy Protection Act Rule. The FAQs provide supplemental guidance designed to help website operators, mobile application developers, plug-ins and advertising networks operating on child-directed websites and online services prepare for the amended regulations, which take effect on July 1, 2013.

    FTC Privacy/Cyber Risk & Data Security

  • FTC Seeks Input on Privacy, Security Implications of Connected Consumer Devices

    Fintech

    On April 17, the FTC requested input on the consumer privacy and security issues posed by the connectivity of consumer devices in advance of a public workshop to be held on November 21, 2013. The request notes that connected devices can communicate with consumers, transmit data back to companies, and compile data for third parties. While advances in connected devices provide consumer benefits, greater connectivity also poses privacy and security risks. The FTC seeks comment on (i) the significant developments in services and products that make use of this connectivity, (ii) the technologies that enable this connectivity (e.g., RFID, barcodes, wired and wireless connections), (iii) the current and future uses of smart technology, (iv) consumer benefits, (v) privacy and security concerns, and (vi) how privacy risks should be weighed against potential societal benefits. The FTC is accepting comments through June 1, 2013.

    FTC Privacy/Cyber Risk & Data Security

  • CFPB Presents Annual FDCPA Report

    Consumer Finance

    On March 20, the CFPB presented to Congress its annual report on implementation and enforcement of the FDCPA. The report (i) summarizes the Bureau’s Consumer Response function, which does not currently cover debt collection complaints, and the number and types of consumer complaints regarding debt collection received by the FTC in 2012, (ii) describes the CFPB’s debt collection supervision program, (iii) presents recent enforcement and advocacy program developments, (iv) discusses recent education and outreach, as well as research and policy initiatives, and (v) discusses coordination and cooperation between the CFPB and the FTC. Because the FTC and the CFPB share FDCPA implementation and enforcement responsibilities, the report incorporates a letter from the FTC regarding its FDCPA-related activities. The CFPB reported that the FTC continues to receive more complaints for the debt collection industry than for any other. The report also highlights (i) the debt collection aspects of a CFPB enforcement action against a credit card company, (ii) the Supreme Court’s recent decision upholding court discretion to award costs to prevailing FDCPA defendant creditors, and (iii) FTC enforcement activities.

    CFPB FTC FDCPA Debt Collection

  • FTC Issues Report on Mobile Payment Consumer Protections

    Fintech

    On March 8, the FTC released a report on mobile payments by consumers. The report, based on a FTC workshop held in April 2012, focuses on financial, security, and privacy consumer protections. The FTC encourages companies to develop clear dispute resolution policies to address customer claims of fraudulent mobile payments or unauthorized charges. The report highlights “special concerns” with mobile carrier billings, in which mobile carriers place charges on phone bills on behalf of third-parties, based on the FTC’s concern that there are no federal statutory protections governing consumer disputes about fraudulent or unauthorized charges placed on mobile carrier bills. The FTC also encourages industry-wide adoption of strong security measures and suggests ways sensitive financial information can be kept secure during the mobile payment process, including end-to-end encryption. The report highlights the need for mobile payment companies to practice “privacy by design,” incorporating strong privacy practices, consumer choice, and transparency into their products from the outset. Finally, the report notes privacy issues arising from the consolidation of consumers’ personal information in the mobile payment process.

    FTC Mobile Payment Systems Privacy/Cyber Risk & Data Security

  • FTC Updates Guidance for Mobile and Internet Advertising Disclosures

    Fintech

    Yesterday, the FTC released guidance for mobile and other online advertisers. The new guidance, “.com Disclosures: How to Make Effective Disclosures in Digital Advertising,” adapts and expands prior FTC guidance to account for a decade’s worth of additional experience with online marketing practices, consumers’ increasing use of smartphones, and merchants’ increasing use of social media marketing.

    The new guidance highlights several key considerations for businesses as they develop advertisements for online and mobile media:

    • The same consumer protection laws – e.g. UDAP – that apply to commercial activities in other media apply online and in the mobile marketplace.
    • Limitations and qualifying information should be incorporated into any underlying claim, rather than provided as a separate disclosure qualifying the claim.
    • Marketing materials that may be viewed on a variety of platforms, including handheld devices, should be designed so that required disclosures are effectively delivered on all of the platforms.
    • Required disclosures must be clear and conspicuous, as determined by numerous factors.
    • If a disclosure is necessary to prevent an advertisement from being deceptive, unfair, or otherwise violative of a FTC rule, and it is not possible to make the disclosure clearly and conspicuously, then that ad should not be disseminated.

    To meet the clear and conspicuous standard, the FTC reminds advertisers that, generally, a disclosure should be placed as close as possible to the trigger claim, and that they should take account of the devices and platforms consumers may use to view the advertisement and disclosure. The FTC offers other specific guidance, with corresponding examples, for complying with the clear and conspicuous standard in online and mobile advertisements:

    • When a space-constrained ad requires a disclosure, incorporate the disclosure into the ad whenever possible. When it is not possible it may be acceptable to make the disclosure clearly and conspicuously on the page to which the ad links.
    • Hyperlinks used to lead to a disclosure should (i) be obvious, (ii) be labeled appropriately to convey the importance and relevance of the information it leads to, and consistently formatted, (iii) be placed as close as possible to the relevant information it qualifies, (iv) take consumers directly to the disclosure on the click-through page, and (v) be monitored for effectiveness and changed, if necessary.
    • Avoid requiring consumers to “scroll” in order to find a disclosure, or, when necessary, use text or visual cues to encourage consumers to scroll to view the disclosure.
    • Determine screen placement based on empirical research about where consumers do and do not look.
    • Recognize and respond to any technological limitations or unique characteristics of a communication method.
    • Display disclosures before consumers make a decision to buy, and consider repeating disclosures before a purchase is finalized.
    • Repeat disclosures, as needed, on lengthy websites and in connection with repeated claims.
    • For products intended or able to be purchased from “brick and mortar” stores or from online retailers other than the advertiser itself, the disclosure should be presented in the ad itself.
    • Prominently display disclosures, based on an evaluation of the size, color, and graphic treatment of the disclosure in relation to other parts of the webpage. Do not relegate disclosures to “terms of use” and similar contractual agreements.
    • Review the entire ad to assess whether the disclosure is effective in light of other elements that might distract consumers’ attention from the disclosure.
    • Use audio disclosures when making audio claims, and present them in a volume and cadence so that consumers can hear and understand them.
    • Display visual disclosures for a duration sufficient for consumers to notice, read, and understand them.
    • Use plain language and syntax so that consumers understand the disclosures.

    The updated guidance, and especially the FTC’s emphasis on the ability of marketing materials to effectively deliver disclosures across multiple platforms, should lead businesses with online marketing programs to carefully review and re-assess their marketing materials and methods of presentation.

    Fraud FTC Disclosures

  • Ramirez Expected to Chair FTC

    Fintech

    On February 28, the FTC announced that President Obama will designate Edith Ramirez as Chairman of the FTC, effective March 4, 2013. Ms. Ramirez became an FTC commissioner on April 5, 2010, and has focused on promoting competition and innovation in the technology and healthcare sectors, protecting vulnerable consumers from deceptive and unfair practices, and safeguarding consumer privacy. Prior to joining the FTC, Ms. Ramirez was a lawyer in private practice, and before that served as the Vice President on the Board of Commissioners for the Los Angeles Department of Water and Power.

    FTC Privacy/Cyber Risk & Data Security

Pages

Upcoming Events