InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
9th Circuit: Incomplete loan modification application bars plaintiff's CA Homeowner Bill of Rights claims
On May 11, the U.S. Court of Appeals for the Ninth Circuit affirmed dismissal of a plaintiff’s allegations that a lender violated RESPA and the California Homeowner Bill of Rights (HBOR), breached its contract, and breached the implied covenant of good faith and fair dealing. The court also dismissed the plaintiff’s request for promissory estoppel. In affirming the district court, the appellate court determined that the plaintiff’s HBOR claims failed, specifically because the plaintiff insufficiently showed that she incurred actual damages because of a RESPA violation. The appellate court also agreed that the plaintiff’s HBOR claims failed because she did not submit a complete application. Under HBOR, mortgage servicers are prohibited from reporting a notice of default if a lender’s “complete application for a first lien loan modification” is pending. The appellate court concluded that the plaintiff failed to sufficiently show that she had submitted a complete loan modification application, and did not demonstrate that she took follow-up action in response to a letter stating her loan modification application was incomplete, meaning her claim failed.
With respect to the plaintiff’s remaining claims, the 9th Circuit held, among other things, that the lender’s “alleged promise to consider plaintiff’s loan modification application upon dismissal of her lawsuit was neither sufficiently definite to create a contract nor sufficiently ‘clear and unambiguous to support a promissory estoppel.’” Moreover, the plaintiff’s claim for breach of the covenant of good faith and fair dealing also failed because she could not prove breach of contract. Specifically, she did not state a claim for breach of the deed of trust because, as the plaintiff herself noted, “she failed to perform under the deed of trust when she did not make loan payments, and performance under the contract is a necessary element of a breach of contract claim.”
The dissenting judge disagreed with the majority in two key respects. First, the judge argued the majority wrongfully rejected the plaintiff’s HBOR claim because the complaint contended that the lender “would send out such boilerplate letters so that it did not have to comply with the requirement that it cease foreclosure activities once an application is complete,” and that “a lender’s bad faith conduct does not render a borrower’s application incomplete.” Regarding the plaintiff’s good faith and fair dealing claim, the judge argued that the plaintiff plausibly alleged that she submitted a complete application to the lender. According to the complaint, the plaintiff submitted the necessary documents and was allegedly informed by the lender’s lawyer that “her application was ‘in review, which meant that plaintiff’s application was complete.’”
Arizona obtains $1.6 million in restitution from debt collection operation
On May 10, the Arizona attorney general announced it filed a stipulated consent judgment in the Superior Court of Arizona against a defendant, the owner and manager of a debt collection operation. The AG’s original action was part of the FTC’s “Operation Corrupt Collection”—a nationwide enforcement and outreach effort established by the FTC, CFPB, and more than 50 federal and state law enforcement partners to target illegal debt collection practices (covered by InfoBytes here).
According to the AG’s press release announcing the consent judgment, the defendant’s debt collection operation allegedly called consumers and made false claims and threats to convince people to pay debts the operation had no authority to collect. The complaint contended that employees frequently used spoofing software to reinforce claims that they were law enforcement officers, government officials, process servers, and law firm personnel to intimidate consumers into paying the alleged debts, and told consumers to immediately respond or be held in contempt of court. Employees also allegedly threatened to file lawsuits, garnish wages and tax returns, place liens on homes and car titles, freeze bank accounts, send law enforcement to consumers’ homes and/or places of employment, and arrest consumers.
Under the terms of the consent judgment, the defendant is required to pay more than $1.6 million in consumer restitution and up to $900,000 in civil penalties, and is permanently enjoined, restrained and prohibited from participating in the debt collection industry. Court approval of the stipulated judgment is pending.
District Court: Emotional distress did not cause injury-in-fact
On May 10, the U.S. District Court for the Western District of New York granted a defendant’s motion for summary judgment in a FDCPA class action suit. According to the order, the defendant sent the plaintiff a letter seeking to collect $9,700. The collections letter identified the name of the original creditor and the name of the current creditor to whom the debt was owed. The plaintiff filed suit, claiming he suffered emotional distress, and alleging that the debt was not owed to the defendants, and that the letter “erroneously” claimed that the current creditor to whom the debt was owed was not the owner of the debt, in violation of the FDCPA. The court granted the defendant’s summary judgment, dismissing the claims and finding that the case “is at the summary judgment stage,” which “requires proof of injury-in-fact beyond the sufficiency of Plaintiff’s allegations of an injury.” The court further stated that the “[p]laintiff states in his responding Declaration that his stress came from not knowing how his personal information was learned by Defendant,” but that the “[p]laintiff did not seek medical attention for the emotional distress he suffered.” The court continued that “failure to seek medical treatment is material in establishing the extent of Plaintiff’s injury (in [sic] any) from the emotional distress.” The court found that the plaintiff did “not establish[] that he suffered an injury-in-fact from his emotional distress arising from the dunning letter.”
CFPB, FTC weigh in on consumer reporting obligations under the FCRA
On May 5, the CFPB and FTC filed a joint amicus brief with the U.S. Court of Appeals for the Second Circuit, seeking the reversal of a district court’s decision which determined that a consumer reporting agency (CRA) was not liable under Section 1681e(b) of the FCRA for allegedly failing to investigate inaccurate information because the inaccuracy was “legal” and not “factual” in nature. The agencies countered that the FCRA, which requires credit reporting companies to follow reasonable procedures to assure maximum possible accuracy of the information included in consumer reports, “does not contain an exception for legal inaccuracies.”
The plaintiff noticed that the CRA reported that she owed a balloon payment on an auto lease that she was not obligated to pay under the terms of the lease. After the plaintiff confirmed she did not owe a balloon payment, she filed a putative class action against the CRA contending that it violated the FCRA by inaccurately reporting the debt. The CRA countered that it could not be held liable because “it is not obligated to resolve a legal challenge to the validity of the balloon payment obligation reported by” the furnisher “and that it reasonably relied on [the furnisher] to report accurate information.” Moreover, the CRA argued that even if it did violate the FCRA, the plaintiff was not entitled to damages because the violation was neither willful nor negligent. The district court sided with the CRA, drawing a distinction between factual and legal inaccuracies and holding that whether the plaintiff actually owed the balloon payment was a “legal dispute” requiring “a legal interpretation of the loan’s terms.” According to the district court, “CRAs cannot be held liable when the accuracy at issue requires a legal determination as to the validity of the debt the agency reported.” The court further concluded that since the plaintiff had not met the “threshold showing” of inaccuracy, the information in the consumer report “was accurate,” and therefore the CRA was “entitled to summary judgment because ‘reporting accurate information absolves a CRA of liability.’”
In urging the appellate court to overturn the decision, the agencies argued that the exemption for legal inaccuracies created by the district court is unsupported by statutory text and is not workable in practice. This invited defense, the FTC warned in its press release, “invites [CRAs] and furnishers to skirt their legal obligations by arguing that inaccurate information is only legally, and not factually, inaccurate.” The FTC further cautioned that a CRA might begin manufacturing “some supposed legal interpretation to insulate itself from liability,” thus increasing the number of inaccurate credit reports.
Whether the plaintiff owed a balloon payment and how much she owed “are straightforward questions about the nature of her debt obligations,” the agencies stated, urging the appellate court to “clarify that any incorrect information in a consumer report, whether ‘legal’ or ‘factual’ in character, constitutes an inaccuracy that triggers reasonable-procedures liability under the FCRA.” The agencies also pressed the appellate court to “clarify that a CRA’s reliance on information provided by even a reputable furnisher does not categorically insulate the CRA from reasonable-procedures liability under the FCRA.”
The Bureau noted that it also filed an amicus brief on April 7 in an action in the U.S. Court of Appeals for the Eleventh Circuit involving the responsibility of furnishers to reasonably investigate the accuracy of furnished information after it is disputed by a consumer. In this case, a district court found that the plaintiff, who reported several fraudulent credit card accounts, did not identify any particular procedural deficiencies in the bank’s investigation of her indirect disputes and granted summary judgment in favor of the bank on the grounds that the “investigation duties FCRA imposes on furnishers [are] ‘procedural’ and ‘far afield’ from legal ‘questions of liability under state-law principles of negligence, apparent authority, and related inquiries.’ Moreover, the district court concluded that there was no genuine dispute as to whether the bank conducted a reasonable investigation as statutorily required. The Bureau noted in its press release, however, that the bank “had the same duty to reasonably investigate the disputed information, regardless of whether the underlying dispute could be characterized as “legal” or “factual.” In its brief, the Bureau urged the appellate court to, among other things, reverse the district court’s ruling and clarify that the “FCRA does not categorically exempt disputes presenting legal questions from the investigation furnishers must conduct.” Importing this exemption would run counter to the purposes of FCRA, would create an unworkable standard that would be difficult to implement, and could encourage furnishers to evade their statutory obligations any time they construe the disputes as “legal.” The brief also argued that each time a furnisher fails to reasonably investigate a dispute results in a new statutory violation, with its own statute of limitations.
District Court settles data scraping lawsuit
On May 9, the U.S. District Court for the Northern District of California issued a final judgment on consent resolving a lawsuit concerning data scraping allegations. A professional networking site (plaintiff) sued a Singapore-based company and three company founders (collectively, “defendants”) claiming the defendants violated the terms of the plaintiff’s user agreement by gaining unauthorized access to areas of the plaintiff’s platform that are only accessible to real logged-in members, scraping millions of member profile pages, and using fake member accounts and prepaid virtual debit card numbers to fraudulently obtain access to a function that provides advanced features. In alleging claims for breach of contract, fraud and deceit, and misappropriation, among others, the plaintiff claimed the defendants’ activities defrauded it out of hundreds of thousands of dollars in revenue. According to the court’s judgment, the defendants have agreed to be permanently restrained and barred from engaging in the aforementioned activities, including using scraping to access the plaintiff’s data, engaging in marketing and advertising about the availability of user data on the defendant’s website, circumventing any technological measures that control access to the plaintiff’s servers, and transferring data to third parties. “Defendants represent that they have destroyed all [plaintiff] member profile data, whether stored in electronic form or otherwise, in their possession, custody, or control and have certified in writing that they have done so,” the judgment stated. While the judgment did not include a monetary penalty, the court noted that violation of the final judgment or consent shall expose the defendants and all other persons bound by the final judgment on consent “to all applicable penalties, including contempt of Court.”
District Court dismisses privacy class action claims citing absence of jurisdiction
On May 5, the U.S. District Court for the Northern District of California granted defendants’ motions to dismiss a putative class action concerning invasion of privacy claims related to the collection of consumer data over an online shopping platform. The Canada-based e-commerce company and two of its wholly-owned subsidiaries operate an e-commerce platform that hosts merchants’ websites and facilitates and verifies customers’ payment information. According to the plaintiff, the defendants’ platform intercepts payment information and collects shoppers’ sensitive personal information through the use of cookies, including names, addresses, and credit card information. The plaintiff alleged that the defendants compile the data into individualized profiles, which is shared with merchants, and also share shoppers' data with other non-merchant third parties. Shoppers are not required to consent to any of these activities and are supposedly unaware that their sensitive information is being tracked and shared, the plaintiff stated, claiming violations of California’s Invasion of Privacy Act, Computer Data Access and Fraud Act, and Unfair Competition Law, among other things. In dismissing the action, the court concluded that the plaintiff’s privacy claims against the defendants are too general and fail to identify which defendant is responsible for the plaintiff’s alleged injuries. The court noted that it would normally permit the plaintiff to amend his complaint to address the issue, but said that in this case the court lacks both general and specific jurisdiction over any of the defendants. The court explained that the plaintiff failed to argue that any of the three entities (based either in Canada or Delaware) are subject to general jurisdiction in California. Simply stating that the platform “enables merchants to sell products online . . . does not represent an intentional act directed at California residents,” the court stated.
1st Circuit: Bankruptcy Code “unequivocally strips tribes” of their sovereign immunity to sue
On May 6, the U.S. Court of Appeals for the First Circuit reversed a district court’s decision, ruling that American tribes are not exempt from federal law barring suits against debtors once they file for bankruptcy. The debtor (plaintiff) in 2019 took out a $1,100 payday loan from a creditor (appellee), who is a subsidiary of a tribe. He voluntarily filed a Chapter 13 bankruptcy petition, listing his debt to the appellee, which had increased to approximately $1,600, as a nonpriority unsecured claim. He also listed the appellee on the petition’s creditor matrix, and his attorney mailed the appellee a copy of the proposed Chapter 13 plan. When the plaintiff filed the petition, the Bankruptcy Code imposed an automatic stay enjoining “debt-collection efforts outside the umbrella of the bankruptcy case.” The appellee continued to attempt to contact the plaintiff regarding the debt, but the plaintiff had allegedly previously notified the appellee’s representatives that he had filed for bankruptcy. Two months after the plaintiff filed the petition, he claimed that his “mental and financial agony would never end,” and blamed his agony on the appellee’s “regular and incessant telephone calls, emails and voicemails.” To stop the appellee’s collection efforts, the plaintiff relocated to enforce the automatic stay against the appellee and its corporate parents and sought an order prohibiting future collection efforts, as well as damages, attorney's fees, and expenses. In response, the tribe and its affiliates asserted tribal sovereign immunity and moved to dismiss the enforcement proceeding. The bankruptcy court agreed with the tribe and granted the motions to dismiss.
On the appeal, the tribe argued that the Bankruptcy Code cannot abrogate tribal sovereign immunity because it never uses the word “tribe.” The appellate court noted that the argument “boils down to a magic-words requirement” that tribes must be mentioned in order to be covered by a law, but U.S. Supreme Court precedent “forbids us from adopting a magic-words test.” However, the appellate court further noted that Congress did not determine that tribes were subject to the Code, stating that “[e]ven if Congress need not use magic words to make clear that its abrogation provision applies to Indian tribes, it must at least use words that clearly and unequivocally refer to Indian tribes if it wishes to make that abrogation provision apply to them.” The appellate court ruled that Congress took away tribes' sovereign immunity as “domestic governments” covered by the Bankruptcy Code, stating that even though tribes are not explicitly named in the Code, “we have no doubt that Congress understood tribes to be domestic dependent nations,” and since those “are a form of domestic government, it follows that Congress understood tribes to be domestic governments.”
Defendants to pay $5.7 million for alleged data breach
On October 17, the U.S. District Court for the Northern District of Ohio granted final approval of a $5.7 million settlement in a class action against a fast-food chain (defendant) resolving allegations that it acted negligently for failing to protect customers’ data when hackers stole payment card information from more than 700 franchised restaurants. According to the order, in 2017, a data breach compromised the defendant’s customer payment data, which resulted in multiple lawsuits that were settled. In the current case, the plaintiffs sued the defendant for negligence related to insecure systems that led to the data breach. The plaintiffs alleged that the defendant’s negligence required financial institutions to spend resources to respond to the breach. Under the terms of the settlement, the defendant is required to pay under a per-card formula up to $5.73 million to resolve class member claims, which would include up to $3 million to pay class members’ claims ($1.00 per reissued card and $1.50 per card experiencing fraud within four weeks of the breach). The defendant is required to pay up to $500,000 for settlement administration, up to $30,000 for class representative service awards, and up to $2.2 million for attorneys’ fees and expenses.
District Court allows data sharing invasion of privacy claims to proceed
On May 4, the U.S. District Court for the Central District of California partially dismissed the majority of a putative class action accusing several large retailers and a data analytics company (collectively, “defendants”) of illegally sharing their consumer transaction data, allowing only an invasion of privacy claim to proceed. In 2020, plaintiffs’ claimed the retail defendants shared consumer data without authorization or consent, including “all unique identification information contained on or within a consumer’s driver’s license, government-issued ID card, or passport, e.g., the consumer’s name, date of birth, race, sex, photograph, complete street address, and zip code,” with the data analytics company who used the information to create “risk scores” that purportedly calculated a consumer’s likelihood of retail fraud or other criminal activity. The court permanently dismissed the plaintiffs’ California Consumer Privacy Act claims, finding that the state law was not in effect when some of the plaintiffs allegedly attempted returns or exchanges and that the law does not contain an express retroactivity provision. Additionally, while plaintiffs argued that the retail defendants engaged in “a pattern or practice of data sharing,” the court concluded that plaintiffs failed “to allege that they are continuing to return or exchange merchandise at these retailers such that their data is disclosed” to the data analytics company. The court also dismissed the FCRA claims, ruling that the data analytics company’s risk report is not a “consumer report” subject to the FCRA because it does not “bear on Plaintiff’s eligibility for credit.” Plaintiffs’ claims for unjust enrichment and violations of California's Unfair Competition Law were also dismissed. However, the court concluded that the plaintiffs had plausibly alleged a reasonable expectation of privacy against the defendants, pointing to “the wide discrepancy between Plaintiffs’ alleged expectations for Retail Defendants’ use of their data and its actual alleged use.”
“The court finds dismissing this claim at the pleading stage particularly inappropriate where, as is the case here, defendants are the only party privy to the true extent of the intrusion on Plaintiffs’ privacy,” the court stated. “Reading the Complaint in a light most favorable to Plaintiffs, Plaintiffs sufficiently allege that [] defendants’ intrusion into Plaintiffs’ privacy was highly offensive.”
Florida Court of Appeal: Bank may seek attorney’s fees as a condition of loan reinstatement
On May 4, the Florida Court of Appeal, Fourth District, held that a borrower cannot sue a law firm for sending a letter seeking to collect attorney’s fees because the mortgage contract gave the bank the right to seek attorney’s fees from a prior foreclosure action as a condition of reinstating the loan. Previously, a trial court had awarded the borrower attorney’s fees following dismissal of a prior foreclosure action. The bank later brought a new foreclosure action against the borrower concerning the same property, and the law firm representing the bank sent the borrower a reinstatement letter requiring payment of attorney’s fees incurred by the bank in the prior foreclosure action in order to reinstate the loan. The trial court, citing a 2019 decision in U.S. Bank Trust, N.A. v. Leigh, granted summary judgment in favor of the law firm on the grounds that “the law firm was entitled to immunity under the litigation privilege because the Florida Consumer Collection Practices Act (FCCPA) claim was based on the reinstatement letter the law firm sent during the foreclosure proceedings” and because the borrower lacked standing.
On appeal, the Court of Appeal agreed with the law firm that it was entitled to collect attorney fees and costs and that the borrower lacked standing to bring his FCCPA claim. According to the Court of Appeal, a provision in the mortgage contact included language that “if the borrower defaulted and the lender accelerated the loan, the borrower would have the right to reinstate the loan if certain conditions were met.” Among these conditions was that the borrower would agree to “pay all expenses incurred in enforcing this Security Instrument, including, but not limited to, reasonable attorneys’ fees.” Applying the rationale of Leigh, the Court of Appeal found “that the law firm did not violate the FCCPA because it sought to recover a legitimate expense it was entitled to recover pursuant to a contract, that being the expense of attorney’s fees the lender incurred in the prior foreclosure action.”