InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
District Court orders college operator to comply with CFPB CID
On September 13, the U.S. District Court for the District of Utah ordered the operator of several defunct colleges to cooperate with a CFPB civil investigative demand (CID) for potential violations of the Consumer Financial Protection Act. In 2019, the Bureau issued a CID to the operator seeking information on its private student loan financing program, as well as litigation concerning the loan program dating back to 2012, to aid its investigation into whether the program constituted unfair, deceptive, or abusive acts or practices. The operator argued that the CID was unenforceable for several reasons, including that it was “unreasonably oppressive” and that the legality of its program had already been litigated in state action. The operator also argued that because the Bureau’s leadership structure rendered it unconstitutional, it lacked authority to enforce the CID. A magistrate judge’s recommendation narrowed the scope of the CID, but the operator continued to object, stating that a severe reduction in staff created a loss of “significant institutional knowledge” about the loan program. After the U.S. Supreme Court issued its ruling in Seila Law LLC v. CFPB (holding that the director’s for-cause removal provision was unconstitutional but severable from the statute establishing the Bureau, as covered by a Buckley Special Alert ), the Bureau’s director ratified the CID. The operator then raised new objections claiming the Bureau’s funding structure violates the U.S. Constitution’s separation of powers, and therefore the agency lacks valid authority to enforce the CID.
The court rejected the operator’s argument, writing that dicta in the Supreme Court’s decision in Seila Law “suggests the Bureau’s funding structure is not an unconstitutional delegation of power from Congress to the Executive Branch.” According to the court, while the majority opinion in Seila Law made note of the CFPB’s funding structure, it treated it “merely as an aggravator” of the for-cause removal protection issues and “went as far as saying the Bureau’s constitutional infirmity would ‘disappear’ if ‘the Director were removable at will by the President.’”
With respect to burdensomeness, the court said the operator has failed to show evidence establishing an unreasonable burden in its objections, and that, moreover, it “has had more than three years’ notice to preserve any information it thought may be relevant to the Bureau’s investigation.” The court further stressed that the CID does not become overly burdensome simply because the operator shuttered its campuses thereby allegedly relinquishing “institutional knowledge” concerning its own education loan program prior to complying with the CID. The court granted the operator a 90-day extension to comply with the CID.
11th Circuit says wasted time, distress can confer FDCPA standing
On September 7, the U.S. Court of Appeals for the Eleventh Circuit vacated the dismissal of an FDCPA action after determining that wasted time and emotional distress can be sufficiently concrete as to confer Article III standing. After the plaintiff fell behind on his monthly condo association payments, the association referred the matter to a law firm (collectively, “defendants”). The defendant law firm eventually filed a claim of lien against the plaintiff’s condo and threatened foreclosure if the plaintiff did not pay more than $10,000 in past-due fees, interest, late fees, attorney’s fees, and costs. The plaintiff sued for violations of the FDCPA and state law, claiming, among other things, that the debt collection letters and claim of lien overstated the amount due by including interest, late fees, and other charges not permitted under Florida law. He also alleged that the law firm violated the FDCPA by filing the claim of lien in the public record, thereby communicating with a third party about his debt without permission. These actions, the plaintiff contended, caused him emotional distress and cost him time, money, and effort when “trying to ‘determine, verify, and dispute the amounts being sought against him.’” The plaintiff eventually voluntarily dismissed the claims against the association, and the law firm moved to dismiss for lack of jurisdiction. The district court determined that the plaintiff lacked standing because the law firm’s actions did not cause him any concrete injury and dismissed the suit.
On appeal, the 11th Circuit disagreed after finding that the time the plaintiff spent trying to determine the correct amount of debt and the emotion distress he suffered during the process were adequate to satisfy constitutional standing requirements. “[Plaintiff] presented evidence that he suffered injuries—including an inaccurate claim of lien against his property; time spent trying to determine the correct amount of his debt, resolve the lien, and avoid the threatened foreclosure; and emotional distress manifesting in a loss of sleep—which are sufficiently tangible to confer Article III standing,” the appellate court wrote. The 11th Circuit explained that while the time and money spent on the FDCPA lawsuit itself could not give rise to a concrete injury for standing purposes, the time and money spent by the plaintiff defending against a legal action taken by a debt collector was “separable” from the costs of bringing the FDCPA suit. Moreover, the appellate court determined that the defendants refusing to release the lien against the plaintiff’s home unless he paid more than what was actually owed “was a tangible harm sufficient to give [plaintiff] standing for his claims that the defendants’ conduct in filing the lien and threatening to foreclose on it violated the FDCPA.”
District Court grants final approval in BIPA class action
On September 1, the U.S. District Court for the Northern District of Illinois granted final approval of a $6.8 million class action settlement in a biometric privacy data suit. According to the plaintiff’s memorandum of law in support of her unopposed motion for final approval of the settlement, the plaintiff alleged that the defendant violated Illinois law by collecting fingerprint scan data from Illinois users of vending machine systems without written notice and consent. According to the settlement, class members include all individuals who scanned their finger(s) in one or more of defendants’ vending systems in Illinois between August 23, 2014 and November 2021, which totals approximately 63,450 individuals. Each class member will receive approximately $413, and the settlement includes roughly $2.2 million in attorney fees for class counsel.
2nd Circuit upholds public service loan relief settlement
On September 7, the U.S. Court of Appeals for the Second Circuit affirmed a class action settlement reached between a student loan servicer and borrowers who claimed the servicer failed to inform them of a loan forgiveness program for public service employees. As previously covered by InfoBytes, the settlement required the servicer—who denied any allegations of wrongful conduct and damages—to put in place enhancements to identify borrowers who may qualify for Public Service Loan Forgiveness (PSLF) and “distribute comprehensive and accurate information about how to qualify, which are meaningful business practice enhancements.” The servicer was also required to fund a $2.25 million non-profit program to provide counseling to borrowers at all stages of the repayment process. The settlement also approved service awards for the named plaintiffs. In affirming the settlement, the appellate court rejected arguments raised by objectors who claimed, among other things, that the cy pres award would not benefit the class and “that the settlement improperly released monetary claims.”
“The cy pres award funds Public Service Promise and thereby assists all class members in navigating PSLF and determining whether they have a viable individual monetary claim against [the servicer],” the panel wrote, acknowledging that other circuit courts have recognized that class members can indirectly benefit from defendants paying appropriate third parties. “[T]he reforms will also benefit the remaining class members who, for example, are no longer with [the servicer] or who no longer have student loans, by providing them accurate information about the PSLF and helping them determine whether they have viable individual claims for damages,” the 2nd Circuit said.
11th Circuit says plaintiff lacks standing in collection letter case
On September 8, the U.S. Court of Appeals for the Eleventh Circuit issued an en banc decision in Hunstein v. Preferred Collection & Management Services, dismissing the case after determining the plaintiff lacked standing to sue. The majority determined that “[b]ecause Hunstein has alleged only a legal infraction—a ‘bare procedural violation’—and not a concrete harm, we lack jurisdiction to consider his claim.” In April 2021, the 11th Circuit held that transmitting a consumer’s private data to a commercial mail vendor to generate debt collection letters violates Section 1692c(b) of the FDCPA because it is considered transmitting a consumer’s private data “in connection with the collection of any debt.” The decision revived claims that the debt collector’s use of a third-party mail vendor to write, print, and send requests for medical debt repayment violated privacy rights established in the FDCPA. The 11th Circuit last November, however, voted sua sponte to rehear the case en banc and vacated its earlier opinion. (Covered by InfoBytes here.)
The en banc decision relied heavily on the U.S. Supreme Court’s ruling in TransUnion v. Ramirez (covered by InfoBytes here), which clarified the type of concrete injury necessary to establish Article III standing and directed courts “to consider common-law torts as sources of information on whether a statutory violation had caused a concrete harm.” The majority pointed out that when making a common-law tort comparison, courts “do not look at tort elements in a vacuum” but rather “make the comparison between statutory causes of action and those arising under the common law with an eye toward evaluating commonalities between the harms.”
“What harm did this alleged violation cause?” the majority questioned in its opinion, finding that no tangible injury or loss was identified in the complaint. Rather, the plaintiff analogized to the tort of public disclosure. The majority found that this comparison was inapposite, because “the disclosure alleged here lacks the fundamental element of publicity.” Because there was no public disclosure, there was no invasion of privacy and therefore no cognizable harm.
Four judges dissented, arguing that the plaintiff had standing to sue. They opined that the court’s job is not to determine whether the plaintiff stated a viable common-law tort claim, but rather to “compare the ‘harm’ that Congress targeted in the FDCPA and ‘harm’ that the common law sought to address” and to determine whether those harms bear a sufficiently “close relationship.” The dissenting judges found that the plaintiff’s allegations that the delivery of “intensely private information” to the vendor is the “same sort of harm that common-law invasion-of-privacy torts—and in particular, public disclosure of private facts—aim to remedy.” The dissent also stressed that even if the disclosure alleged by the plaintiff is less extensive than the type of disclosure of private information typically at issue in a common law invasion of privacy claim, that is a question of the degree of harm and not a question of the kind of harm, and therefore should not be the basis for dismissal.
11th Circuit affirms denial of title company’s cyber fraud claim
On September 6, the U.S. Court of Appeals for the Eleventh Circuit upheld a district court’s decision to deny insurance coverage to a Florida title company under its Cyber Protection Insurance Policy after it was allegedly “fraudulently induced—by an unknown actor impersonating a mortgage lender—to wire funds to an incorrect account.” The insurance company denied coverage on the basis that the title company did not meet the policy’s requirements. The title company submitted a claim under the cybercrime endorsement of its insurance policy, which includes a deceptive transfer fraud insurance clause that grants coverage provided certain criteria are met, including that the loss resulted from intentionally misleading actions, was done by a person purporting to be an employee, customer, client or vendor, and the authenticity of the wire transfer instructions was verified according to the title company’s internal procedures. The insurance company denied coverage, claiming that: (i) the mortgage lender to whom the funds were intended was not an employee, customer, client or vendor of the title company; and (ii) that the title company failed to verify the transfer request according to its procedures. The district court granted summary judgment in favor of the insurance company, agreeing that coverage did not exist under the plain language of the policy.
On appeal, the 11th Circuit determined that the mortgage lender was not listed as an entity under the plain language of the policy. It further disagreed with the title company’s position that under Florida law, insurance coverage clauses must “be construed as broadly as possible to provide the greatest amount of coverage,” and that the deceptive transfer fraud clause should also include “persons and entities involved in the real estate transaction.” The appellate court noted that “[a]s attractive as that proposition may be, it is simply not what the clause provides,” adding that because the clause “limits coverage to misleading communications ‘sent by a person purporting to be an employee, customer, client or vendor’” it must interpret these terms according to their plain meaning and may not “alter[] the terms bargained to by parties to a contract.”
District Court says tech company not liable for app in crypto theft
On September 2, the U.S. District Court for the Northern District of California granted a defendant California tech company’s motion to dismiss a putative class action filed by users who claimed their cryptocurrency was stolen after they downloaded a “phishing” program that posed as a legitimate digital wallet. Plaintiffs alleged that the illegitimate app (developed by a third-party and not the defendant) caused them to lose thousands of dollars in cryptocurrency. Claiming that the app was a spoofing and phishing program that obtained consumers’ cryptocurrency account information and routed that information to hackers’ personal accounts, plaintiffs sued, asserting claims under the federal Computer Fraud and Abuse Act, Electronic Communications Privacy Act, California Consumer Privacy Act, California’s Unfair Competition Law, California Consumer Privacy Act, California Consumer Legal Remedies Act, Maryland Wiretap and Electronic Surveillance Act, Maryland Personal Information Protection Act, and Maryland Consumer Protection Act. The defendant moved to dismiss, arguing that it was immune from liability under § 230(c)(1) of the Communications Decency Act. The court agreed with the defendant, ruling that it is granted protection under the Act because it qualifies as an “interactive computer service provider” within the meaning of the statute, is treated as a publisher, and provides information from another information content provider. “Here, plaintiffs’ computer fraud and privacy claims are based on [defendant’s] reproduction of an app [] intended for public consumption, via the App Store,” the court wrote. “But, as [defendant] notes, its review and authorization of the [] app for distribution on the App Store is inherently publishing activity.” Moreover, the court concluded that, among other things, the defendant’s liability provision contained within its terms, which states that it is not liable for conduct of a third party, is valid and enforceable.
District Court preliminarily approves TCPA class action settlement
On March 3, the U.S. District for the Central District of California granted final approval of a TCPA class action settlement with a satellite TV company. According to a memorandum in support of plaintiff’s motion for preliminary approval of class action settlement and certification, the plaintiff class alleged that the defendant violated the TCPA by using an artificial or prerecorded voice to call cell phones without the prior express consent of class members, consisting of about 22,000 individuals. The settlement class includes all people who received non-emergency calls from the defendant and four of its debt collection companies “regarding a debt allegedly owed to [the defendant], to a cellular telephone through the use of an artificial or prerecorded voice, and who has not been a [defendant] customer at any time since October 1, 2004.” The settlement requires the defendant to pay an all-cash non-reversionary sum of $17 million. The settlement could also approach or exceed $500 in damages per call for class members who make claims and includes an award of attorney fees of up to $5.61 million, or 33 percent of the settlement fund, in addition to litigation costs. Specifically, the settlement would provide $606.06 per call for settlement class members who received calls from two of the defendant’s debt collectors, and those members will get two shares of the pro rata distribution. Settlement class members who received calls from two other of the defendant’s debt collectors will get $303.03 per call and one share of the pro rata distribution.
District Court grants final approval in TCPA class action
On September 1, the U.S. District Court for the Central District of California granted final approval of a class action settlement in a TCPA suit. According to the plaintiffs’ motion for preliminary approval of the class action settlement, the plaintiffs are non-customers who the defendant contacted as part of its efforts to collect on the account of a defendant’s customer and who had not consented to calls from the defendant. The plaintiffs further alleged that the defendant used its autodialer to place those calls and conveyed prerecorded messages to third parties who had not consented to receive such calls, and that through analysis of the defendant’s records, broad notice to class members, and a robust claims verification procedure, it was possible to provide notice to non-customer class members. According to the settlement, the class includes any customer in the U.S. who received automated, non-emergency calls from the defendant on their cell phones from March 2012 through March 2022, and was not a party to an agreement with the defendant. The settlement noted that class members are expected to get between $75 and $250 per person, stating that “this estimated settlement range compares very favorably with other 'wrong number' settlements . . . , and with the $500 penalty for violation of the TCPA.”
8th Circuit affirms decision in FDCPA case
On September 6, the U.S. Court of Appeals for the Eighth Circuit affirmed a district court’s order to grant a defendant’s motion for judgment on the pleadings in an FDCPA suit. According to the opinion, the defendant sent the plaintiff a debt collection letter identifying the plaintiff as the attorney for a consumer named in the letter. The consumer was not the plaintiff’s client, the consumer had never identified the plaintiff as her attorney to anyone, and the plaintiff had never identified himself as the consumer’s attorney. When the plaintiff was unable to recognize the consumer’s name, he engaged in an extensive search of his files and records to determine if he had ever represented the consumer, and “found nothing to indicate that she was a past or present client.” The plaintiff filed suit, asserting that the defendant violated § 1692c(b) of the FDCPA when it contacted him regarding the debt of a consumer whom he did not represent and without the consumer’s consent. The plaintiff alleged that he suffered injury as a result of the violation, because his search for the consumer’s records cost him “valuable time and resources that he could have spent working on matters for actual clients.” The district court ruled that the defendant’s letter violated § 1692c(b) but said that the plaintiff lacked standing to sue under the statute and entered judgment on the pleadings against the plaintiff.
On appeal, the 8th Circuit agreed with the district court that the defendant violated the FDCPA when it sent the letter to the attorney, but also agreed with other circuit courts that non-consumers cannot bring § 1692c(b) claims. The appellate court noted that “[b]ecause the purpose of § 1692c(b) is to protect consumers alone, we conclude that [the plaintiff] falls outside § 1692c(b)’s ‘zone of interests’ and thus cannot invoke the protection afforded by it.” The 8th Circuit rejected the plaintiff’s argument that the proper course of action was to remand the case back to state court, where it was originally filed, and affirmed that the decision “was a ruling on the merits of [the plaintiff’s] claim, not on the district court’s jurisdiction.”