Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Filter

Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.

  • District Court rules transmitting debtor information to third-party violates FDCPA

    Courts

    On February 2, the U.S. District Court for the Eastern District of Pennsylvania denied a defendant’s motion for judgment on the pleadings, ruling that transmitting a debtor’s personal information to a third-party mail vendor for the purposes of sending a debt collection letter constitutes a communication “in connection with the collection of any debt” under the FDCPA. As previously covered by InfoBytes, in Hunstein v. Preferred Collection & Management Services, the U.S. Court of Appeals for the Eleventh Circuit held that transmitting a consumer’s private data to a commercial mail vendor to generate debt collection letters violates Section 1692c(b) of the FDCPA because it is considered transmitting a consumer’s private data “in connection with the collection of any debt.” The district court found this reasoning “persuasive,” ruling that the plain text of the statute encompasses communications with a third party mail vendor. The district court also rejected the defendant’s arguments that the CFPB and FTC had tacitly endorsed third-party mailers by not pursuing enforcement actions against them: “[B]ecause the agencies tasked with regulating and enforcing the FDCPA have not addressed the use of letter vendors by debt collectors in any legally significant way, and because the statutory language is not subject to a different reading, the Court will afford no deference to the indeterminate actions of the CFPB and FTC.”

    Courts Data Breach Class Action FDCPA Appellate Eleventh Circuit Hunstein Debt Collection

  • District Court approves class settlement in data breach

    Courts

    On January 28, the U.S. District Court for the Northern District of California granted a plaintiffs’ motion for final approval in a class action settlement alleging an online support services provider (defendant) failed to adequately secure and safeguard the payment card data and other personally identifiable information that it collected while customers shopped and interacted with customer service websites. According to the order, four companies contracted with the defendant to provide sales software, customer service software, and voice and chat agent services for sales support for online shoppers. However, according to the plaintiff class, the defendant was allegedly negligent in securing customers’ data, which permitted hackers to access their names, addresses, and credit card information, in violation of California’s Unfair Competition Law and Illinois' Consumer Fraud and Deceptive Business Practices Act. The plaintiff class also alleged that the defendant did not disclose the breach for a period of approximately six months after the breach was detected and fixed in October 2017. Under the terms of the settlement, class members are eligible to receive reimbursement from the defendant of up to $2,000 if documentation is provided to prove they incurred out-of-pocket expenses resulting from the intrusion, which includes unreimbursed bank fees, long distance calling charges and costs of credit reports or fraud reimbursement services purchased in the wake of the breach. Additionally, class members who assert that they spent three hours or less dealing with the breach can also separately receive compensation at a rate of $20 per hour for that lost time, and may claim an additional two hours of lost time “if they can provide adequate documentation of those additional two hours spent dealing with the [d]ata [i]ncident,” according to the order. The court also awarded class counsel $450,000 in attorney fees and litigation costs and expenses and $2,000 service awards to each of the three lead plaintiffs. 

    Courts Data Breach Class Action Privacy/Cyber Risk & Data Security Settlement

  • District Court grants class certification in robocall TCPA suit

    Courts

    On January 27, the U.S. District Court for the District of Arizona granted a plaintiff’s renewed motion for class certification in an action against a national bank defendant for allegedly contacting noncustomers with unauthorized robocalls, in violation of the TCPA. According to the plaintiff’s motion for class certification, the defendant allegedly placed calls with an artificial or prerecorded voice to the plaintiff class, who were not the defendant’s customers. The plaintiffs alleged that they did not consent to the calls, which regarded overdue credit card accounts, and sought to certify a nationwide class of those who received these calls since August 2014 despite not being a customer. Among other things, the defendant argued that the common questions of fact did not predominate because individualized determinations needed to be made to determine whether the defendant had consent to call a putative class member, and whether a prerecorded message actually played. The court determined, however, that the plaintiffs’ allegations were not only “typical of the class, they are largely identical.” Additionally, though the court noted that “some persons who otherwise would be class members may have consented to receive [the defendant’s] robocalls,” the court was ultimately “persuaded based on [the plaintiffs’] argument and past caselaw” that “individualized issues of consent can be overcome without resort to a series of minitrials.” The court further noted that “the basic questions in this case are the same for all class members: Did [the defendant] call a putative class member without authorization? And, did a prerecorded or artificial voice play during the call? If the answer to both questions is yes—and all evidence indicates that it will be yes for many putative class members—recovery is appropriate. Precedent ... demonstrates these questions can be litigated as a class.”

    Courts TCPA Class Action Robocalls

  • District Court grants final approval of $12 million class action settlement

    Courts

    On January 25, the U.S. District Court for the Southern District of Ohio granted final approval to a $12 million class action settlement resolving allegations that a calculation error in a national bank’s (defendant’s) software wrongly assessed the plaintiffs’ eligibility for loan modifications. The settlement class, which includes the defendant’s customers who, between 2010 and 2018, allegedly qualified for a home loan modification or repayment plan as required by government-sponsored enterprises or other federal agency requirements, but did not receive an offer for those services from the defendant. The plaintiff class accused the defendant of failing to “adequately test, audit, and verify that its software was correctly calculating whether customers met threshold requirements for a mortgage modification.” Additionally, the plaintiff alleged the bank discovered the issues in 2013, but did not make the issue public until 2018. According to the plaintiffs’ unopposed motion for preliminary approval, the deal will provide $9.1 million to class members with each class member receiving between $1,000 to $19,000, and 22.7 percent of the total settlement sum going towards attorney costs and fees.

    Courts Class Action Settlement Mortgages Consumer Finance

  • District Court grants motion to dismiss in CIPA class action

    Privacy, Cyber Risk & Data Security

    On January 25, the U.S. District Court for the Northern District of California granted a motion to dismiss a class action suit, in which plaintiffs alleged that the defendant continued to monitor mobile users’ browsing history even after being asked to cease and desist. In their third amended complaint, the plaintiffs alleged that the defendant violated the California Invasion of Privacy Act (CIPA) because, among other things, although “developers and consumers consented to [the defendant] uploading data to its servers for the developers’ use, … [the defendant] also retained a copy for its own use.” The defendant argued that the plaintiffs’ “conclusory statement that communications are intercepted is not enough to make out a § 631 claim [of the CIPA].”

    The CIPA claims against the defendant were previously dismissed because they “failed to aver simultaneous interception.” The plaintiffs also attempted to revitalize their breach of contract claim by arguing it was a unilateral contract, but the district court noted that “[u]nder this theory, a contract was created by [the defendant’s] provision of a button to adjust privacy settings, text describing what the button supposedly did, and [the plaintiffs’] clicking of that button.” The district court further noted that it is not enough to create a unilateral contract, and that “[the defendant] was not asking [the plaintiffs’] to click the button, let alone bargain for such performance, and [the plaintiffs’] could not have reasonably expected they were entering into a contract simply by adjusting their account settings.”

    Privacy/Cyber Risk & Data Security Courts Class Action CIPA

  • District Court approves $75 million overdraft settlement

    Courts

    On January 21, the U.S. District Court for the Western District of North Carolina granted final approval to a $75 million class action settlement to resolve allegations that a national bank improperly charged class members overdraft and insufficient fund fees (NSF). Class members include (i) individuals who held consumer checking and/or savings accounts at the bank who paid and were not refunded a retry transaction fee or one or more intrabank transaction fees; and (ii) checking and/or savings account holders who paid and were not refunded an overdraft or NSF fee on a transaction “that would not have been assessed if [the bank] had delayed the posting of previously assessed NSF/[overdraft] fees until the posting of a deposit that was sufficient to cover those fees, all outstanding debit transactions and any additional debit transactions made that day.” Under the terms of the settlement, the bank has agreed to pay $75 million into a settlement fund that will go towards class member payments, notice and administration costs, attorneys’ fee and expenses, and service awards. The bank must also stop assessing certain overdraft and NSF fees, improve its overdraft and NSF disclosures, and improve account disclosures and explanations related to circumstances where an account holder will incur an intrabank transaction fee, as well as disclosures for its fee accrual process.

    Courts Overdraft Settlement Class Action Consumer Finance

  • District Court finalizes BIPA class action settlement

    Privacy, Cyber Risk & Data Security

    On January 24, the U.S. District Court for the Northern District of Illinois granted final approval to a nearly $877,000 class action settlement to resolve allegations that a food manufacturer’s fingerprint-based timekeeping system violated Illinois’ Biometric Information Privacy Act (BIPA). Class members (both direct employees and temporary staffing workers who worked for the defendant between June 2015 and the date of preliminary approval) alleged that the defendant (i) collected biometric fingerprint identifiers and information without receiving informed written consent from employees; (ii) processed these identifiers and information “without establishing and following a publicly available data retention schedule and destruction policy”; and (iii) disclosed the employees’ identifiers and information to its timekeeping vendor without consent. The defendant contended that since 2020 it has maintained BIPA consents and compliance policies, and “does not retain any finger scan data for separated Illinois employees.” While denying all liability and wrongdoing, the defendant has agreed to pay $876,750 to cover class member payments, attorney fees and costs, settlement administrator costs, and the class representative’s service award.

    Privacy/Cyber Risk & Data Security BIPA Class Action State Issues Courts Settlement Illinois

  • District Court grants summary judgment for defendant in TCPA case

    Courts

    On January 18, the U.S. District Court for the Western District of Washington granted a motion for summary judgment in favor of an insurance company (defendant) with respect to a plaintiff’s TCPA allegations. The plaintiff alleged that the defendant, among other things, violated the TCPA by placing telephone calls to him and the putative class members whose telephone numbers are on the National Do Not Call (DNC) Registry. The defendant countered that the plaintiff spoke with the defendant during a 26-minute phone call and provided his personal information and consent to be called by the defendant. The plaintiff alleged that he had not submitted any information, and suggested that hackers may have been involved, and that he had engaged in a lengthy and detailed conversation with the defendant because he was “investigating” the identity of the caller and the motive for calling. However, the court noted that “the personal information [the plaintiff] disclosed during the call supports the contention that he in fact was interested in obtaining a quote and otherwise submitted an internet request,” and that no evidence supported the plaintiff having “investigative” motives. 

    According to the opinion, a “reasonable jury” would find that the defendant had permission to call the plaintiff and that, even if there were questions about whether the plaintiff had requested or consented to the disputed call, the procedures that the defendant had put in place to comply with the law brought it under the purview of the TCPA's safe harbor provision. The court also found that the defendant “produced significant evidence that as part of its routine business practice, it complies with the standards required by the safe harbor provision and had substantially complied with the purpose of the TCPA, ‘to protect consumers from the unwanted intrusion and nuisance of unsolicited telemarketing phone calls and fax advertisements,’ by only calling those who have requested a life insurance quote and consented to be called.”

    Courts Class Action Do Not Call Registry Consumer Protection TCPA

  • District Court dismisses data breach class action

    Courts

    On January 19, the U.S. District Court for the Southern District of New York dismissed a class action against a menswear company (defendant) accused of exposing personal information in a December 2020 data breach. According to the opinion, the plaintiff bought items on the defendant’s website in 2013, and more than six years later, hackers allegedly accessed the defendant’s backup cloud database and stole the personal information of the defendant’s online customers, including customers’ addresses, telephone numbers, email addresses, order history, Internet Protocol addresses, encrypted passwords, and partial credit card numbers. The defendant sent notices to affected customers, disclosing that “an unauthorized third party may have been able to view some of your account details, including your contact information and encrypted password.” The notice further explained that users’ encrypted passwords were protected so the actual passwords were not visible, and that users’ payment card information was not affected by the breach. The notice advised that the company was resetting the passwords and had logged users out of their accounts. In response to the message, the plaintiff allegedly changed his password, placed a security freeze on his credit, purchased credit repair and protection services, and purchased a robocall-blocking subscription. The plaintiff alleged that he “spent time dealing with the increased and unwanted spam, text[s], telephone calls, and emails” that he received after the data breach. In dismissing the lawsuit, the court explained that the plaintiff did not show he faced a “substantial” risk of identity theft or fraud. In addition, the court held that “given the nature and age of the data, the likelihood that its exposure would result in harm to [the plaintiff] is too remote to support standing.”

    Courts Class Action Data Breach Privacy/Cyber Risk & Data Security

  • District Court approves $1.8 million overdraft settlement

    Courts

    On January 14, the U.S. District Court for the Central District of California granted final approval to a $1.8 million class action settlement to resolve allegations that a credit union (defendant) improperly charged members overdraft and insufficient fund fees (NSF). The class members alleged they had wrongfully incurred more than one NSF fee on the same transaction when it was reprocessed again after initially being returned for insufficient funds. The class also alleged that the defendant’s contracts did not authorize such charges. The settlement allocated $715,500 to class members who were charged certain fees between May 2016 and October 2020, and $874,500 to class members who were charged certain fees between May 2016 and February 2020. The amount allocated to each class member is based on the former fees assessed against them. As part of the nearly $1.8 million settlement, the defendant must pay $1.59 million in cash, and must waive roughly $176,000 in uncollected at-issue fees.

    Courts Class Action Overdraft Settlement Consumer Finance

Pages

Upcoming Events