Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • FTC Announces Settlement with Ride-Sharing Company Over Privacy Allegations

    Privacy, Cyber Risk & Data Security

    On August 15, the FTC issued a press release announcing a settlement with a ride-sharing company over allegations that it violated the Federal Trade Commission Act by making deceptive claims about its privacy and data practices. According to the complaint, the company allegedly failed to closely monitor and audit its employees’ internal access to consumer and driver data. Furthermore, the company represented to consumers and drivers that personal information stored in its databases were secure, but, according to the FTC, failed to implement reasonable measures to prevent unauthorized access to consumers and driver data maintained by the ride-sharing company’s third-party cloud service provider. Both counts, the FTC alleged, demonstrated false or misleading representations. In the press release, FTC Acting Chairman Maureen K. Ohlhausen said, “This case shows that, even if you’re a fast growing company, you can’t leave consumers behind: you must honor your privacy and security promises.”

    Under the terms of the decision and order, the company has agreed to establish, implement, and maintain a written “comprehensive privacy program,” reasonably designed to: (i) “address privacy risks related to the development and management of new and existing products and services for consumers,” and (ii) “protect the privacy and confidentiality of Personal Information.” The company is also required to obtain biennial independent third-party assessments to address privacy controls requirements and “certify that the privacy controls are operating with sufficient effectiveness to provide reasonable assurance to protect the privacy of Personal Information and that the controls have operated throughout the reporting period.”

    The agreement with the FTC will be subject to public comment for 30 days through September 15, at which point the FTC will decide whether to make the proposed consent order final.

    Privacy/Cyber Risk & Data Security FTC UDAAP Settlement FTCA

    Share page with AddThis
  • FTC Files Complaint Against Independent Sales Organization and Sales Agents for Alleged Credit Card Laundering Charges

    Consumer Finance

    On August 7, the FTC issued a press release announcing charges against 12 defendants, comprised of an independent sales organization (ISO), sales agents, payment processors, and identified principals, for allegedly violating the Federal Trade Commission Act and the Telemarketing Sales Rule (TSR) by laundering credit card transactions on behalf of a “telemarketing scam” operation (operation) through fictitious merchant accounts. According to a July 28 complaint filed by the FTC, the defendants engaged in a scheme with the operation to process credit card charges through merchant accounts set up by the operation under fictitious company names instead of processing charges through a single merchant account under the operation’s name. This type of practice, the FTC claims, is known as “credit card laundering” or “factoring” and violates the TSR. The defendants purportedly (i) underwrote and approved the operation’s fictitious companies; (ii) set up merchant accounts with its acquirer for the fictitious companies; (iii) used sales agents to market processing services to merchants; (iv) processed nearly $6 million through credit card networks; and (v) transferred sales revenue from the transactions to companies controlled by the defendants. The FTC seeks “permanent injunctive relief, recession or reformation of contracts, restitution, the refund of monies paid, disgorgement of ill-gotten moneys, and other equitable relief.”

    Notably, in 2013, the FTC accused the same “telemarketing scam” operation of allegedly promoting “worthless business opportunities” to consumers and falsely promising that they would earn thousands of dollars. A 2015 summary judgement resulted in over $7 million in consumer injury. (See previous InfoBytes coverage here.)

    Consumer Finance Credit Cards FTC UDAAP Telemarketing Sales Rule Fraud

    Share page with AddThis
  • FTC to Use Consumer Complaints to Help End Robocalls

    Privacy, Cyber Risk & Data Security

    On August 1, the FTC announced a new initiative to help stop the practice of illegal robocalls. According to the FTC, more than 1.9 million complaints regarding unwanted robocalls were received from January through May of this year, making it the FTC’s number one complaint category. Under the new initiative, using information received from consumer complaints, the FTC will release reported robocall phone numbers each day to telecommunications carriers and other industry partners currently implementing call-blocking solutions and will include information such as the date and time the call was received and the nature of the call. “The consumer complaint data is crucial because many of today’s call-blocking solutions rely on ‘blacklists’—databases of telephone numbers that have received significant consumer complaints—as one way to determine which calls should be blocked or flagged before they reach consumers’ phones,” the FTC stated.

    Privacy/Cyber Risk & Data Security FTC Consumer Complaints

    Share page with AddThis
  • FTC Approves Modifications to COPPA Safe Harbor Program

    Privacy, Cyber Risk & Data Security

    On July 31, the FTC announced it has approved TRUSTe’s proposed modifications to its Children’s Online Privacy Protection Rule's (COPPA) safe harbor program. As previously covered in InfoBytes, COPPA regulates what websites and online services are required to do to ensure the protection of children’s privacy and safety online. The safe harbor program allows the FTC to review and approve “self-regulatory guidelines” submitted by industry groups that implement “the same or greater protections for children” as those contained in the COPPA Rule, and subjects approved groups to safe harbor review and disciplinary procedures instead of formal enforcement action. Among the approved modifications is a change which requires all participants to conduct a comprehensive annual internal assessment of any third-party or service provider that collects personal information from children on their websites or through online services.

    Privacy/Cyber Risk & Data Security Agency Rule-Making & Guidance FTC Compliance

    Share page with AddThis
  • FTC to Host Joint Conference on Protecting Military Consumers

    Consumer Finance

    On July 27, the FTC announced it is partnering with state and local authorities to host the Protecting Military Consumers: A Common Ground Conference on September 7 in Los Angeles to provide training on consumer fraud and other issues affecting servicemembers and their families. The conference is geared towards military attorneys, law enforcement personnel, and consumer protection officials, and will include the following topics:

    • student loans and for-profit colleges;
    • identity theft and imposter scams;
    • debt collections;
    • mortgage disputes; and
    • real estate fraud.

    Additionally, the conference will discuss several federal, state, and local consumer protection laws, including the Servicemembers Civil Relief Act, the Military Lending Act, and FTC and CFPB rules and regulations.

    Earlier in July, the FTC held a Military Consumer Financial Workshop to educate consumers on financial issues and scams they may face. (See previous InfoBytes coverage here.)

    Consumer Finance Agency Rule-Making & Guidance FTC Servicemembers SCRA Military Lending Act CFPB Student Lending Mortgages Debt Collection Privacy/Cyber Risk & Data Security

    Share page with AddThis
  • FTC Announces Weekly Blog on Reasonable Data Security Practices

    Privacy, Cyber Risk & Data Security

    On July 21, the FTC announced a new initiative as part of ongoing efforts to provide guidance to businesses on protecting and securing consumer data. Each Friday, the FTC will post a new blog that will build on the FTC’s Start with Security principles, and will showcase hypothetical examples using material from closed investigations, FTC law enforcement actions, and questions from businesses. The first blog post, “Stick with Security: Insights into FTC Investigations,” highlights practical approaches for businesses to take in securing consumer data based on examples gleaned from FTC complaints and orders. The post also examines emerging themes from closed FTC data security investigations that did not necessarily result in FTC law enforcement.

    Privacy/Cyber Risk & Data Security FTC Small Business

    Share page with AddThis
  • FTC to Host Small Business Roundtables Focusing on Cybersecurity

    Privacy, Cyber Risk & Data Security

    On July 20, the FTC announced it will host a series of public roundtables to discuss pressing challenges facing small businesses when protecting the security of their computers and networks. The feedback will be used to assist the FTC and its partners in creating additional cybersecurity education resources. The Engage, Connect, and Protect Initiative: Small Business and Data Security Roundtables are part of Acting FTC Chairman Maureen K. Ohlhausen’s initiative to help small businesses protect against cyberattacks. Earlier this year, Ohlhausen launched a website designed to provide guidance for small businesses on scams and cyberattacks, many of which lack the resources larger companies have to spend on cybersecurity. (See previous InfoBytes post here.)

    The first roundtable will be on July 25 in Portland, Oregon, in partnership with the National Cyber Security Alliance (NCSA), the SBA, and other organizations. On September 6, a second roundtable discussion will convene in Cleveland in collaboration with the SBA and the Council of Smaller Enterprises. The third roundtable in the series, sponsored by the NCSA, will occur later in September in Des Moines, Iowa.

    Privacy/Cyber Risk & Data Security Agency Rule-Making & Guidance FTC Small Business

    Share page with AddThis
  • FTC Staff Supports FCC’s Proposal to Reverse Broadband Enforcement Authority

    Privacy, Cyber Risk & Data Security

    On July 17, FTC staff submitted its comments to the FCC in response to the FCC’s Notice of Proposed Rulemaking on Restoring Internet Freedom (NPRM), in favor of returning broadband enforcement authority to FTC. (See previous InfoBytes coverage here.) The NPRM would reverse a 2015 FCC decision, which changed the classification of broadband internet access service from an “information service to a common carrier service,” and resulted in a loss to the FTC’s authority. Currently, the FTC cannot regulate common carrier activities. FTC staff argued that with the exception of broadband providers, FTC jurisdiction covers virtually all other internet entities. Having one agency with enforcement authority over all internet entities would allow for “consistent standards and consistent application of those standards.” The result, the staff encouraged, would be the creation of a “level playing field for all companies operating in the Internet ecosystem.”

    Acting FTC Chairman Maureen K. Ohlhausen endorsed the staff comments and offered support for the NPRM to reverse the 2015 Title II classification of broadband internet access service as a way to “restore the FTC’s ability to protect broadband consumers under its general consumer protection and competition authority.” However, FTC Commissioner Terrell McSweeny dissented, stating that “[u]nless Congress repeals the common carrier exemption in the FTC Act, the FTC could continue to face challenges to its authority over common carriers.” Consequently, “[r]epealing these rules would be harmful for consumers and the marketplace . . . . Rather than roll[ing] back protections, we should augment them with renewed FCC vigor and a change to anachronistic barriers to FTC enforcement.”

    Privacy/Cyber Risk & Data Security FTC FCC Federal Issues Agency Rule-Making & Guidance Enforcement

    Share page with AddThis
  • FTC Chairman Announces Reforms for Bureau of Consumer Protection, Aims to Improve Transparency

    Agency Rule-Making & Guidance

    On July 17, FTC Acting Chairman Maureen K. Ohlhausen announced process reforms designed to reduce burden and improve transparency in investigations conducted by its Bureau of Consumer Protection (BCP). The initiative, which is part of the FTC’s reform efforts announced in April of this year, is designed to “protect consumers and promote competition without unduly burdening legitimate business activity.” To streamline information requests for CIDs in consumer protection cases, the BCP intends to:

    • Provide plain language descriptions of the CID process and develop business education materials to help small businesses understand how to comply;
    • Add detailed descriptions of the scope and purpose of investigations to assist companies in better understanding the information the FTC seeks;
    • Limit relevant time periods to minimize undue burden on companies when possible;
    • Significantly reduce the length and complexity of CID instructions for providing electronically stored data; and
    • Increase response times (for example, 21 days to 30 days for targets, and 14 days to 21 days for third parties) to improve the quality and timeliness of compliance by recipients.

    BCP will continue its current practice of communicating with investigation targets at least every six months once the CID has been complied with to provide investigation status updates.

    Agency Rule-Making & Guidance FTC Enforcement Investigations

    Share page with AddThis
  • FTC Announces Charges Against Debt Collection Operation for FDCPA and FTC Act Violations

    Consumer Finance

    On July 17, the FTC issued a press release announcing charges against a Florida-based debt collection operation for allegedly posing as lawyers and threating individuals with lawsuits or prison time if they failed to pay debt they did not actually owe. According to the complaint filed by the FTC, the defendants’ violated the FTC Act by making false, unsubstantiated, or misleading representations regarding debt owed and threatened legal action. Additionally, the defendants allegedly violated the Fair Debt Collection Practices Act by (i) engaging in “unlawful third-party communications” without obtaining prior consumer consent; (ii) failing to disclose they were debt collectors; (iii) making false, deceptive, or misleading representations by withholding the true status of the debt, impersonating attorneys, and threatening legal action, among others; and (iv) failing to provide consumers written verification of their debt within the required time frame. As a result, the FTC announced a federal court has temporarily halted the operation and frozen its assets.

    Consumer Finance FTC Debt Collection FDCPA

    Share page with AddThis

Pages