Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On August 20, the U.S. Court of Appeals for the 9th Circuit held that the plaintiff bears the burden of establishing a defendant’s net worth when seeking an award of class statutory damages in an FDCPA action. The appeals court affirmed the lower court’s dismissal of the plaintiff’s class action, which alleged a law firm’s letters violated the FDCPA by using “false, deceptive, or misleading representation[s].” The panel found that the language of the FDCPA’s class statutory damages provision—"not to exceed the lesser of $500,000 or 1 per centum of the net worth of the debt collector"— makes it clear that a defendant’s net worth is a prerequisite to establishing statutory damages. The court noted that the FDCPA is silent as to which party bears the burden, but the “ordinary default rule” establishes the burden upon the party seeking relief and there is no reason to believe Congress intended otherwise under the FDCPA. The court rejected the plaintiff’s argument that because the defendant has “superior access” to the evidence of net worth, it must bear the burden because it is “not uniquely difficult for consumer plaintiffs to acquire the debt collector’s financial information.” Because the plaintiff failed to present evidence of the law firm’s net worth, the 9th Circuit concluded the lower court was correct in dismissing the action.
On July 30, a New Jersey state appeals court reversed a lower court’s judgment awarding consumers over $1.8 million in connection with allegations that a national bank’s predecessor violated the state’s Consumer Fraud Act (CFA) by misrepresenting information to the town’s planning board in order to secure approvals for a housing development. Specifically, the plaintiffs had argued that, because of misrepresentations to the town’s planning board, the construction of a housing development was approved and resulted in the flooding of their home. According to the plaintiffs, the national bank’s predecessor was aware that their housing section could be susceptible to groundwater runoff but concealed the information from the planning board, and that had the planning board been aware of the information, the board would have denied the plans and the plaintiffs’ home would not have flooded. A jury agreed, and the trial court ultimately awarded the plaintiffs almost $50,000 in treble damages under the CFA claim, and $1.8 million in fees and expenses, along with smaller amounts of damages for nuisance and trespass claims.
On appeal, the panel reversed the damages for the CFA claims, including the fee award, holding that “there is a complete lack of proof of a causal connection” between the predecessor’s misrepresentations and the plaintiffs’ decision to purchase their residence. The court rejected the plaintiffs’ arguments that had the misrepresentations not been made, the construction of the development would have been denied and their house would not have flooded. The court concluded the argument was “speculative and attenuated” and there was no proof the development “would not have been built by another developer.”
On June 25, the U.S. District Court for the District of Maryland dismissed a proposed class action alleging a national bank violated the Maryland Credit Grantor Closed End Credit (CLEC) law by charging “convenience fees” in connection with secured vehicle financing. According to the opinion, after the consumer defaulted on vehicle payments, the bank repossessed the consumer’s vehicle and demanded the consumer pay the deficiency balance. In August 2017, the consumer, on behalf of herself and others similarly situated, filed a class action against the bank for allegedly charging convenience fees in connection with over 500 retail installment sales contracts for vehicles governed under the CLEC. Upon removal to federal court, the consumer sought to amend her complaint to replace the CLEC claim with a breach of contract claim based on the same violation in her original complaint and the bank sought dismissal of the claim. The court granted the bank’s motion to dismiss, concluding that even if the bank did charge a convenience fee in violation of the CLEC, the bank (i) did not collect payments in excess of the original principle amount of the loan; and (ii) did not seek a deficiency judgment against the consumer. Additionally, the consumer did not seek injunctive or declaratory relief. Therefore, the court held that the consumer is not entitled to damages under CLEC and her corollary breach of contract claim is “futile and must be dismissed.”
On April 10, the U.S. Court of Appeals for the 7th Circuit affirmed the district court’s dismissal of a RESPA action because the plaintiff did not properly establish actual damages arising out of her non-receipt of a response to her Qualified Written Request (QWR) to the bank. The opinion explains that the plaintiff’s property was vandalized in 2014 and the bank received insurance money to escrow for repairs. In 2015, the bank released funds for the repairs and subsequently, the plaintiff’s contractor abandoned the job; the property was then vandalized twice more. On September 5, 2015, the plaintiff sent the bank a letter asking about the status of her loan, specifically regarding how insurance money was being handled. The bank sent a response to the letter on September 25, 2015, but the plaintiff alleges she never received the bank’s response and contends the bank’s failure to respond to her QWR caused her emotional distress and contributed to her divorce. The 7th Circuit agreed with the district court that the plaintiff failed to establish how a response to her QWR would have resolved her financial inability to make the required repairs since RESPA does not require the bank to pay money in response to a written request. Moreover, the Appeals Court held that some of the plaintiffs asserted injuries, such as her divorce, are outside the scope of RESPA.
On March 21, the South Dakota governor signed SB 62, which requires companies that hold consumers’ personal information to (i) notify consumers within 60 days of a data breach; and (ii) notify the state Attorney General if more than 250 consumers are affected. Notice must be provided to consumers either by mail; electronic notice; or, in certain circumstances, substitute notice (e.g., a posting on the company’s website or notification to statewide media). The law gives the state Attorney General the authority to prosecute a failure to disclose a data breach as a deceptive act or practice under South Dakota’s consumer protection laws, which can result in penalties of up to $10,000 a day per violation. A disclosure is not required if notice is given to the state Attorney General and following an “appropriate investigation,” the company determines that the breach “will not likely result in harm to the affected person.” The law is effective July 1.
A similar measure was signed by the Oregon governor on March 16. Effective on or about June 10, Oregon’s SB 1551 mandates that a person or entity that “owns, licenses, or otherwise possesses personal information” that suffered a security breach must notify the affected consumers within 45 days and, if more than 250 consumers were affected, must also notify the state Attorney General. The person or entity must also undertake reasonable measures to “determine scope of breach of security and to restore reasonable integrity, security and confidentiality of personal information.” Additionally, the law sets out guidelines regarding credit monitoring services and security freezes:
- Credit Monitoring Services. Among other things, SB 1551 provides that if a person or entity offers free credit monitoring services to affected consumers, the entity may not require a credit or debit card number as a condition for the service. If additional identity theft services are offered for a fee, the person or entity must “separately, distinctly, clearly and conspicuously” disclose the charging of the fee.
- Security Freezes. SB 1551 prohibits a consumer reporting agency from charging a fee for placing, temporarily lifting, or removing a security freeze. Moreover, it prevents credit reporting agencies from charging fees for replacing a lost personal identification number or password. Recently, Michigan, Utah, Washington, and Virginia enacted similar prohibitions (previously covered by InfoBytes, here, here, and here).
California judge limits plaintiffs’ ability to seek certain punitive damages in internet data breach
On March 9, the U.S. District Court for the Northern District of California partially granted a motion to dismiss limiting plaintiffs’ ability to seek certain punitive damages for data breaches. The court also held that the plaintiffs cannot seek claims under the California Customer Records Act (CRA). The consolidated litigation results from announcements that hackers had breached the defendant’s systems and accessed users’ personal information in multiple attacks between 2013 and 2016. While the court kept several claims alive, including one alleging company executives purposefully concealed the hacks and others related to good faith and fair dealing, the court found the plaintiffs had failed to establish when the company learned about the 2013 and 2014 hacks, which warranted dismissal of most of the claims brought under the CRA. With respect to the limit on punitive damages, the court held that there is no punitive remedy for the alleged breaches relating to the breach of contract and CRA claims. However, the court did allow the plaintiffs to seek punitive damages for concealment, negligence, and misrepresentation related to the executives’ alleged suppression of the breach.
On February 21, the U.S. Court of Appeals for the 10th Circuit affirmed a district court’s decision that under Colorado law, an insurance company had no duty to indemnify and defend its insured against TCPA claims seeking statutory damages and injunctive relief. According to the appellate opinion, the FTC and the states of California, Illinois, North Carolina, and Ohio sued a satellite television company for violations of the TCPA, Telemarking Sales Rule (TSR), and various state laws for telephone calls made to numbers on the National Do Not Call Registry (FTC lawsuit). The FTC lawsuit sought statutory damages of up to $1,500 per alleged violation and injunctive relief. The defendant requested that its insurer defend and indemnify it for the claims pursuant to existing policies. The insurance company filed a complaint for declaratory judgment, seeking a declaration that it need not defend or indemnify the company in the FTC lawsuit. The district court determined that there was no coverage for several reasons, including: (i) that the statutory TCPA damages were a “penalty,” rendering them uninsurable under Colorado law; and (ii) that the injunctive relief sought did not qualify as damages under the policies’ definition. The 10th Circuit Court of Appeals affirmed both holdings, concluding that no coverage existed.
- Jonice Gray Tucker to discuss "Trends in regulatory enforcement" at the American Bar Association Banking Law Committee Meeting
- Jessica L. Pollet to discuss "Your career is impacting your life..." at the Ark Group Women Legal Conference
- Jon David D. Langlois to discuss "Successors in interest updates" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo
- Brandy A. Hood to discuss "Keeping your head above water in flood insurance compliance" at the Mortgage Bankers Association National Mortgage Servicing Conference & Expo