Skip to main content
Menu Icon Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations
Section Content

Upcoming Events

Filter

Subscribe to our InfoBytes Blog weekly newsletter for news affecting the financial services industry.

  • State AGs file protective petition to stop rollback of net neutrality rules; Senate Democrats announce plans to reverse FCC rule

    Privacy, Cyber Risk & Data Security

    On January 16, a coalition of 22 state attorneys general filed a protective petition for review in the D.C. Circuit Court of Appeals against the Federal Communications Commission (FCC) and the United States to block the FCC’s Declaratory Ruling, Report and Order, and Order released last December to rollback the 2015 Open Internet Order rules (known as “Net Neutrality” rules). As previously covered in InfoBytes, the rollback removes the restrictions barring providers from slowing down or speeding up web traffic based on business relationships, and places the enforcement authority of the new regulatory framework with the Federal Trade Commission (FTC).

    In the petition, the states allege violations of the Administrative Procedure Act’s notice-and-comment rulemaking requirements, and claim that the FCC's actions with respect to Net Neutrality were “arbitrary, capricious, and an abuse of discretion.” According to a press release issued by New York Attorney General Eric T. Schneiderman:

    The FCC’s new rule fails to justify the Commission’s departure from its long-standing policy and practice of defending net neutrality, while misinterpreting and disregarding critical record evidence on industry practices and harm to consumers and businesses. . . Moreover, the rule wrongly reclassifies broadband internet as a Title I information service, rather than a Title II telecommunications service, based on an erroneous and unreasonable interpretation of the Telecommunications Act. Finally, the rule improperly and unlawfully includes sweeping preemption of state and local laws.

    Separately that same day, Senate Democrats announced plans to formally introduce a resolution of disapproval under the Congressional Review Act to reverse the FCC’s vote and restore the Net Neutrality rules. Once the rule is submitted to both houses of Congress, the resolution will be formally introduced, published in the Federal Register, and voted upon within 60 legislative days.

    Privacy/Cyber Risk & Data Security State Issues State AG FCC FTC Net Neutrality Congressional Review Act

    Share page with AddThis
  • FTC report highlights 2017 privacy and data security enforcement work

    Privacy, Cyber Risk & Data Security

    On January 18, the FTC released its annual report on the agency’s privacy and data security work performed in 2017. Among other items, the report highlights consumer-related enforcement activities in 2017, including:

    • a settlement with a ride-sharing company over allegations that it violated the FTC Act by making deceptive claims about its privacy and data practices (previously covered by InfoBytes here);
    • the first EU-U.S. Privacy Shield action resulting in settlements with three companies over allegations that they falsely claimed they were certified to take part in the framework (previously covered by InfoBytes here); and
    • a joint settlement with the New Jersey Attorney General against a “smart” television manufacturer for claims that it secretly gathered users’ viewing data and sold it to third parties who used the data for targeted advertising (previously covered by InfoBytes here).

    The report also covers the FTC’s approval of TRUSTe’s proposed modifications to its safe harbor program under the Children’s Online Privacy Protection Act of 1998 (COPPA), previously covered by Infobytes here; and the agency’s actions related to the national “Do Not Call” Registry.

    Privacy/Cyber Risk & Data Security FTC Compliance Enforcement State AG

    Share page with AddThis
  • FCC Votes to Overturn Net Neutrality Rules

    Agency Rule-Making & Guidance

    On December 14, the FCC voted 3-2 to overturn the 2015 Open Internet Order rules (known as, “Net Neutrality” rules) which mandate that internet service providers (ISPs) treat all web content equally. The FCC released a draft order in November, which outlined the new framework for ISPs, including removing the restrictions barring the providers from slowing down or speeding up web traffic based on business relationships. ISPs are now required to publicly disclose information about their practices including any paid or affiliated prioritization of web content. The FCC places the enforcement authority of the new regulatory framework with the FTC. The order is effective upon OMB approval of the new requirements for ISP public disclosures.

    Agency Rule-Making & Guidance FCC Privacy/Cyber Risk & Data Security FTC Net Neutrality

    Share page with AddThis
  • FTC Announces Settlement With Debt Collection Operation

    Consumer Finance

    This week, the FTC obtained a court order banning a Florida-based debt collection operation and its managing member from the debt collection business. The defendants were accused of violations of the FTC Act and the Fair Debt Collections Practices Act for, among other things, allegedly posing as lawyers and threating individuals with lawsuits or prison time if they failed to pay debt they did not actually owe. The order resolves a complaint filed by the FTC in July against defendants. (See previous InfoBytes coverage here.) Under the terms of the settlement, the defendants are prohibited from, among other things, (i) engaging in debt collection activities; (ii) misrepresenting material facts regarding financial-related products or services; (iii) disclosing, using, or benefiting from consumers’ personal information; and (iv) improperly disposing such information when appropriate. Finally, the order assessed a $702,059 judgment for equitable monetary relief. 

    Consumer Finance FTC Debt Collection Settlement

    Share page with AddThis
  • FTC Settles With Dallas Auto Dealer for Alleged Deceptive Advertisements

    Lending

    On December 1, the FTC announced a proposed order to settle with a Dallas, Texas auto dealership for alleged deceptive advertisements containing loan and lease terms in Spanish-language newspapers. According to the FTC, the dealership violated the FTC Act by prominently displaying advantageous loan and lease terms in Spanish and qualifying those terms in smaller-print English at the bottom of the page. The FTC alleges the dealership misrepresented (i) the total cost of purchasing or leasing; (ii) the underwriting restrictions for the advertised loan or lease; and (iii) the availability of the inventory advertised. Additionally, the FTC alleged that the dealership violated Truth in Lending Act and the Consumer Leasing Act by failing to “clearly and conspicuously” disclose credit and lease terms. The proposal requires the dealership to cease the allegedly deceptive conduct and comply with all applicable advertisement regulations in the future. The proposal is published in the Federal Register and is open for public comment until January 2, 2018.

    Lending Auto Finance FTC Settlement FTC Act TILA CLA Federal Register

    Share page with AddThis
  • FTC Seeks Order to Stop Alleged Telemarketing Debt Relief Scam

    Consumer Finance

    On December 4, the FTC announced that it charged two debt relief companies and five individuals with violations of the FTC Act and the Telemarketing Sales Rule (TSR) in connection with their sale of “bogus” credit card interest rate reduction services. According to the complaint, the defendants contacted consumers using illegal robocalls and made false guarantees to “substantially and permanently” lower the consumers’ credit card interest rates and/or save the consumer thousands of dollars in interest payments. However, the scheme rarely obtained the promised results. In some instances where consumers did get lower interest rates, those rates were only temporary “teaser” rates that did not result in a permanent rate reduction. In addition, defendants failed to disclose the associated balance transfer fees that accompanied the lower teaser rates. The FTC also charged the defendants with TSR violations for (i) collecting illegal upfront fees; (ii) making illegal robocalls; (iii) contacting consumers on the National Do Not Call Registry; and (iv) not paying the required fees to the Registry. The FTC charged one additional individual defendant with substantially assisting the two debt relief operations with the allegedly illegal conduct. The FTC is seeking a temporary restraining order (TRO) against the defendants, requesting the appointment of a receiver to control the two corporate entities, and an asset freeze to assist in potential consumer redress.

    Consumer Finance FTC Credit Cards Debt Settlement Telemarketing Sales Rule

    Share page with AddThis
  • FTC Announces Final Approval of Settlements With Companies Over EU-U.S. Privacy Shield False Certification Claims

    Privacy, Cyber Risk & Data Security

    On November 29, the FTC announced it had approved final settlements with three companies over allegations that they falsely claimed  participation in the European Union-U.S. Privacy Shield (EU-U.S. Privacy Shield) framework. (See previous InfoBytes coverage here.) The settlements mark the FTC’s first EU-U.S. Privacy Shield enforcement actions following the EU’s finalization and adoption in July 2016 (as covered by InfoBytes) of the EU-U.S. Privacy Shield Framework, which established a mechanism for companies to transfer consumer data between the EU and the U.S. in compliance with specified obligations.

    Privacy/Cyber Risk & Data Security Enforcement FTC Settlement

    Share page with AddThis
  • Ride-Sharing Company Announces Data Breach; State Attorneys General Launch Investigations

    State Issues

    On November 21, a ride-sharing company disclosed via press release a 2016 data breach that exposed the personal data of 57 million riders and drivers. According to the company, an outside forensic investigation revealed that in October 2016 hackers obtained approximately 600,000 driver names and license numbers, along with rider names, email addresses, and mobile phone numbers. The company claimed that hackers did not obtain driver or passenger social security, credit card, bank account, birth date, or trip location information. Though the company stated that it has taken action to address the delay in notifying affected individuals and regulators, lawsuits filed by the State of Washington and the City of Chicago claim that the company capitulated to hackers’ demands and “paid the hackers to delete the consumer data and keep quiet about the breach.”

    According to a letter from the company to the Washington attorney general attached to the state’s complaint, the company “is taking personnel actions with respect to some of those involved in the handling of the incident.” The company further stated that it has “implemented and will implement further technical security measures, including improvements related to both access controls and encryption.”

    According to sources, three separate class action lawsuits have been filed against the company as a result of the 2016 breach (see here, here, and here) and five attorneys general (New York, Illinois, Connecticut, Massachusetts, and Missouri) have launched investigations.

    The 2016 data breach follows a settlement in January of that year with the New York Attorney General related to allegations that the company failed to promptly disclose a 2014 data breach.  The 2014 data breach involved an alleged failure to prevent unauthorized access to the company’s consumer and driver data maintained on a third-party cloud service provider. As previously reported in InfoBytes in August, the company reached a settlement with the FTC related to the 2014 data breach; however, that settlement was entered into before the company disclosed the existence of the 2016 breach.

    In a related development, on November 27, the U.S. District Court for the Northern District of California dismissed without prejudice a putative class action lawsuit against the company related to the 2014 data breach. The court held that the driver’s name, license number, and limited banking information disclosed in the breach was not the type of personally identifiable information that could expose plaintiffs to the risk of identity theft. Accordingly, the court dismissed the case for lack of Article III standing. The court also granted plaintiffs a final opportunity to amend their complaint to address the standing deficiencies.

    State Issues Privacy/Cyber Risk & Data Security Data Breach State AG FTC Class Action Settlement Courts

    Share page with AddThis
  • FTC Files Complaint Against Debt Collection Business for Alleged Violations of FTC Act, FDCPA

    Consumer Finance

    On November 8, the FTC issued a press release announcing charges against a Georgia-based debt collection business for allegedly violating the FTC Act by making false, unsubstantiated, or misleading claims to trick consumers into paying debt they did not actually owe. In the complaint, the FTC alleged defendants threatened legal action, garnishment, and imprisonment if the purported debt was not paid, and in other instances, attempted to collect debts after consumers provided proof the debt was paid off. Additionally, the defendants allegedly violated the Fair Debt Collection Practice Act (FDCPA) by (i) making false, deceptive, or misleading representations, including withholding the true status of the debt, threatening legal action or imprisonment, and failing to disclose they were debt collectors; (ii) engaging in unlawful third-party communications without obtaining prior consumer consent; and (iii) failing to provide consumers written verification of their debt within the required time frame. According to the FTC, defendants have collected more than $3.4 million from consumers since January 2015. A federal judge in the U.S. District Court for the Northern District of Georgia has temporarily restrained and enjoined the defendants’ alleged illegal practices and frozen their assets.

    Consumer Finance FTC Debt Collection Enforcement FTC Act FDCPA

    Share page with AddThis
  • FTC Fines California Auto Dealer for Violating Order About Disclosures

    Lending

    On November 6, the FTC announced a settlement of $1.4 million with a Southern California auto dealership for violating a 2014 administrative order (Order). The Order prohibited the dealership from misrepresenting the cost to finance or lease a vehicle. In issuing the Order, the FTC alleged that the dealership had violated the FTC Act by using advertisements that deceptively stated a $0 up-front lease option while excluding other fees and costs, and also that the dealership’s advertisements violated disclosure requirements of the Consumer Leasing Act (CLA) and TILA.

    The new settlement resolves a complaint in which the FTC alleged the auto dealership “routinely violated” the Order requiring the dealership to, among other things, (i) accurately represent costs and terms of financing or leasing vehicles; (ii) conform its advertisements to the requirements of the CLA and TILA; and (iv) maintain necessary records and make those records available to the agency. In addition to the monetary penalty and the prohibition of similar practices, the settlement also subjects the dealership to strong compliance and reporting requirements.

    Lending Auto Finance FTC Enforcement Settlement. FTC Act CLA TILA Disclosures

    Share page with AddThis

Pages