InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Michigan Court of Appeals affirms dismissal of post-judgment interest case, says state court rule precludes class actions
On April 21, the Michigan Court of Appeals affirmed a trial court’s dismissal of a post-judgment interest putative class action after concluding that a court rule that precludes “‘actions’ based on claimed violations of statutes that permit[ ] recovery of statutory damages in lieu of actual damages” necessitated the dismissal of the plaintiff’s class action claim. According to the opinion, after the plaintiff defaulted on her $900 credit card debt, the debt was assigned to the defendant debt collector who calculated the plaintiff’s unpaid balance to be $6,241.20. The defendant sought judgment against the plaintiff in that amount, plus interest, fees, and costs, and obtained a default judgment against the plaintiff after she did not respond. The defendant consequently obtained several writs of garnishment, all of which indicated that post-judgment interest had been added to the debt. Several years later, the plaintiff filed a putative class action alleging the defendant violated the FDCPA and the Michigan Regulation of Collection Practices Act (RCPA) by overstating how much she owed “and by impermissibly inflating [defendant’s] costs and the amount of interest it charged.” The state trial court dismissed the plaintiff’s class action claims with prejudice on the basis that Michigan Court Rules (MCR) preclude her from recovering statutory damages under the RCPA because the RCPA does not explicitly permit class actions. The court also dismissed her individual claims for lack of subject-matter jurisdiction.
On appeal, the plaintiff argued that the trial court erred when it dismissed her class action claims under MCR because she also sought equitable relief and actual damages; however, the Michigan Court of Appeals pointed to a provision in the MCR that states “[a]n action for a penalty or minimum amount of recovery without regard to actual damages imposed or authorized by statute may not be maintained as a class action unless the statute specifically authorizes its recovery in a class action.” The Court of Appeals explained that the RCPA is implicated under this rule because (i) it permits the recovery of statutory damages; and (ii) does not contain a provision explicitly permitting class actions, and as such, “plaintiff’s class action claims must be dismissed irrespective of the fact that she also sought injunctive relief, declaratory relief, and actual damages.” The Court of Appeals further held that even if the plaintiff attempted to plead individual claims, the case would not be allowed to proceed because the actual damages in this case are not high enough to meet the jurisdictional minimum amount in Michigan.
Defendants to pay $5 million for alleged data breach
On April 20, the U.S. District Court for the Southern District of California granted preliminary approval of a proposed class settlement, resolving claims against a medical supplier company after a data breach allegedly compromised personal information of its consumers in its database. According to the order, the plaintiffs’ alleged that between April 2019 and June 2019, hackers gained access to the defendant’s computer systems, which contained personal identifying information and protected health information of tens of thousands of individuals. Under the terms of the settlement, the defendants will pay $5 million, where each class member with a valid claim will receive between $100-$1000 in cash. The settlement also includes $2.3 million in attorneys’ fees and up to $4,000 for each of the class representatives. Additionally, the defendants will “be required to perform specified remedial measures for a minimum of the next two years and ‘perform either improved versions of such recommendations or the new industry standard thereafter for at least three additional years.’” The remedial measures include, among other things, conducting an AICPA and SOC Type 2 audit to be repeated until the defendant passes, engaging an independent third party to perform a HIPAA IT assessment, undergoing at least one cyber incident response test per year starting in 2022, requiring staff trainings about security and privacy at least twice a year, engaging a company to test its phishing and external facing vulnerabilities at least twice a year, and deploying a third-party enterprise SIEM tool with a 400-day look-back on logs.
District Court granted final approval of a $5.7 million class action overdraft fee settlement
On April 22, the U.S. District Court for the Northern District of New York granted final approval of a $5.7 million class action settlement resolving allegations related to overdraft fees applied to certain bank account transactions. According to plaintiffs’ unopposed motion for preliminary approval, the bank was sued in 2020 for allegedly unfairly assessing and collecting overdraft fees on “Authorize Positive, Purportedly Settle Negative Transactions” (APPSN fees) as well as NSF fees. The bank denied the allegations and moved to dismiss, contending that the relevant account agreements are unambiguous, and that even if there were, “extrinsic evidence resolves the ambiguity in its favor on the whether the fees at issue are permitted.” In August 2021, the parties notified the court that they had reached an agreement. Under the terms of the preliminarily approved settlement, the bank will make a $4.25 million cash payment and will “forgive, waive, and agree not to collect an additional” $1.5 million in uncollected overdraft fees. Class members, defined as all current and former bank customers with consumer checking accounts who were charged a relevant fee between December 4, 2013, and November 30, 2021, will automatically receive their pro rata share of the settlement fund without having to prove they were harmed from the bank’s practices. There are no claim forms, and class members will be determined through the bank’s checking account data. A formula will be used to calculate each class member’s distribution. Under the terms of the settlement approximately $2.9 million will go towards customers who were charged APPSN fees, while roughly $1.3 million will be allocated for customers who were charged retry NSF fees.
9th Circuit affirms district court’s ruling in TCPA case
On April 5, the U.S. Court of Appeals for the Ninth Circuit affirmed a district court’s decision denying a defendants’ motion to compel arbitration in a putative class action under the TCPA. The defendants were a digital marketing company and a debt-relief service company. According to the opinion, the plaintiffs visited the defendants’ websites, but allegedly did not see a notice in fine print stating, “I understand and agree to the Terms & Conditions which includes mandatory arbitration.” The underlined phrases “Terms & Conditions” and “Privacy Policy” were hyperlinks, but they appeared in the same gray font as the rest of the sentence. The marketing company and one of the defendants allegedly used the consumer’s contact information to conduct a telemarketing campaign on behalf of the debt relief companies by allegedly placing unsolicited telephone calls and text messaging consumers. The plaintiffs filed a putative class action, alleging that the calls and text messages were made without their consent, and therefore violated the TCPA. The defendants moved to compel arbitration, arguing that, by clicking on the “continue” buttons, the plaintiffs had agreed to the mandatory arbitration provision hyperlinked in the terms and conditions. The district court denied the defendants’ motion, concluding “that the content and design of the webpages did not conspicuously indicate to users that, by clicking on the ‘continue’ button, they were agreeing to [the service company’s] terms and conditions.”
On appeal, the 9th Circuit agreed with the district court, finding that the digital marketing company’s website did not contain a reasonably conspicuous notice of its terms and conditions. The 9th Circuit ruled that such notice must be expressly displayed in a font size and format where it can be deemed that a reasonable Internet visitor saw it and was aware of it. The appellate court noted that, on the websites at issue, “[t]he text disclosing the existence of the terms and conditions … is the antithesis of conspicuous,” and that “is printed in a tiny gray font considerably smaller than the font used in the surrounding website elements, and indeed in a font so small that it is barely legible to the naked eye. The comparatively larger font used in all of the surrounding text naturally directs the user's attention everywhere else.” The 9th Circuit also held that, “while it is permissible to disclose terms and conditions through a hyperlink, the fact that a hyperlink is present must be readily apparent. …[T]he design of the hyperlinks must put such a user on notice of their existence.”
District Court denies motion for corrective notice in class action data breach case
On April 18, the U.S. District Court for the District of South Carolina denied the plaintiffs’ motion for corrective notice in a putative class action, ruling that the defendant cloud computer service provider is not required to issue a corrective notice related to a 2020 data breach. In 2020, a data breach exposed the personal data of individuals whose information was managed by the defendant and provided to the defendant’s clients. The plaintiffs alleged that the defendant’s “deficient” security program led to the data breach, and that the defendant failed to implement security measures to mitigate the risk of unauthorized access, used outdated servers, stored obsolete data, and maintained unencrypted data fields. The judicial panel on multidistrict litigation eventually consolidated several putative class actions arising from the data breach for coordinated pretrial proceedings. Plaintiffs argued that corrective notice to customers was appropriate, claiming the defendant “made numerous misrepresentations” related to the type of data stolen and performed “an unreliable risk of harm analysis that did not actually take into account the harm class members faced as a result of the breach.” The court disagreed, ruling that such corrective notice is improper at this stage. “Ultimately, the Federal Rules of Civil Procedure do not authorize Plaintiffs’ request to widely disseminate a notice endorsing their position on dispositive issues to [Defendant’s] customers, who are not parties or putative class members in this case, where Plaintiffs have not shown that [Defendant] made misleading communications regarding this litigation,” the court ruled.
District Court grants final approval to class action data breach settlement against national convenience store chain
On April 20, the U.S. District Court for the Eastern District of Pennsylvania granted final approval to a settlement in a class action against a national convenience store chain (defendant) for a 2019 data security incident that allegedly compromised consumers’ credit and debit card information. As previously covered by InfoBytes, class members claimed that “despite the foreseeability of a data breach” the defendant, among other things, “failed to implement adequate measures to protect the sensitive, non-public payment card information entrusted to it by its customers.” In May 2021, the court ruled that the defendant must face certain claims filed by a group of financial institutions (covered by InfoBytes here). In August, the court granted preliminary approval of the settlement, which required the defendant to provide monetary relief to class members totaling approximately $9 million, plus $3.2 million for attorneys’ fees and expenses and class representative service awards, in addition to requiring the defendant to take additional measures for a period of two years to prevent future unauthorized intrusions. The settlement includes three tiers of customers, who will receive gift cards for either $5 or $15, or $500 in cash, depending on the level of their injury caused by the data breach.
District Court grants final approval in usury class action settlement
On August 16, the U.S. District Court for the Eastern District of Virginia granted final approval of a class action settlement resolving a purported scheme to unlawfully use tribe-owned firms to make online short-term loans and charge triple-digit interest rates. According to the memorandum of law in support of plaintiffs’ motion for preliminary approval of class action settlement and the stipulation and agreement of settlement, the district court previously approved two class settlements related to the lending enterprise. The first resulted in the purported lender and others: (i) repaying over $53 million dollars in cash; and (ii) forgiving over $380 million dollars of debt owed by consumers who took out loans with three lending companies. However, these settlements did not resolve every claim surrounding the purported scheme, and did not resolve claims with the settling defendant. The plaintiffs claimed that the settling defendant assisted the purported lender’s operations despite a corporate spinoff in May 2014, alleging that “[b]ecause many [of the purported lender’s] employees with institutional knowledge of and involvement in the company’s rent-a-tribe lending business were quickly transferred to [the settling defendant], [the purported lender] required and depended on continued involvement by [the settling defendant] and its employees in operating its rent-a-tribe lending business, which involvement was freely and often provided.” Under the terms of the preliminarily approved settlement, the settling defendant must provide monetary relief to class members totaling approximately $45 million.
District Court grants final approval of $10 million class action settlement
On April 11, the U.S. District Court for the Eastern District of New York granted final approval to a $10 million class action settlement resolving allegations that a defendant bank breached its payment card processing servicing contracts with merchants by imposing excessive fees without contractually required notice. Additionally, the plaintiffs alleged that the defendant was “unjustly enriched by imposing early termination fees that constituted unlawful penalties.” The settlement class includes over 200,000 merchants that entered into a payment card processing servicing contract with the defendant and who paid at least one of the fees underlying the litigation from October 2011 to the settlement date. Those fees include annual fees, early termination fees, and paper statement fees. According to the memorandum in support of the unopposed motion for preliminary approval of class settlement, the deal would provide $10 million in cash to the settlement class, and attorneys representing the class can seek up to one-third of that fund in attorneys’ fees. In addition, each of the three class representatives will be granted $10,000 service awards, per the motion.
District Court rules “informational harm” does not create standing in FDCPA case
On April 6, the U.S. District Court for the District of Connecticut granted a defendant law firm’s motion for judgment on the pleadings in a putative class action, ruling the plaintiff lacked standing to bring a claim for abusive debt collection under the FDCPA. The plaintiff incurred a debt that was placed with a collection agency. The collection agency sent the plaintiff a letter, to which the plaintiff sent three letters disputing the debt and requesting validation of the debt as well as the agency’s authority to collect on the debt. According to the plaintiff, she never received the requested verification. The original creditor eventually hired the defendant to collect the debt. The defendant sent its own letter enclosing verification of the debt. The plaintiff sued alleging the defendant’s letter violated Section 1692g(b) of the FDCPA, which requires debt collection efforts to cease after timely dispute of a debt until the debt collector provides verification of the debt to the debtor. According to the plaintiff, her previous requests for validation triggered obligations under Section 1692g(b) with respect to the defendant, thus obligating the defendant to cease collection efforts until the validation information was provided to the plaintiff. She also asserted violations of Section 1692(e) on the grounds that an attorney did not meaningfully review her file before the defendant’s letter was sent. The defendant moved for judgment on the pleadings on two grounds: lack of standing and failure to state a claim that defendant violated the FDCPA.
The court agreed with the defendant that the plaintiff failed to show an injury-in-fact, as required for Article IIII standing, and instead only alleged informational harm including confusion caused by the defendant’s letter. The court held that confusion is not a legally cognizable injury and found that the plaintiff lacked standing because she did not suffer a cognizable injury.
9th Circuit: Defendant is liable for third-party calls
Recently, the U.S. Court of Appeals for the Ninth Circuit affirmed in part and reversed in part a district court’s ruling that a defendant knew its third-party contractor was making pre-recorded calls to prospective consumers without consumers’ consent in violation of the TCPA. As previously covered by InfoBytes, in December 2017, consumers filed a consolidated class action against a cruise line, alleging violations of, among other things, the TCPA for marketing calls made to class members’ cell phones using an automatic telephone dialing system between November 2016 and December 2017. The suit alleged that the defendant hired a company to generate leads and initiate telephone calls to prospective consumers for cruise packages. The U.S. District Court for the Southern District of California denied dismissal of the TCPA action for lack of subject matter jurisdiction, concluding that the Court’s decision in Barr v. American Association of Political Consultants Inc., did not invalidate the TCPA in its entirety from 2015 until July 2020. In Barr the U.S. Supreme Court held that the TCPA’s government-debt exception is an unconstitutional content-based speech restriction and severed the provision from the remainder of the statute. (Covered previously by InfoBytes here.)
On the appeal, the issue was whether the defendant is liable under the TCPA for prerecorded voice calls made by the third-party contractor to the plaintiffs, who had not given prior express consent to be called. The 9th Circuit agreed with the district court’s decision in granting summary judgment for the defendant where the TCPA did not require the defendant to ensure that the third-party contractor had prior express consent for each call that it made to the defendant’s customers, nor did the defendant have actual authority over the third-party contractor. However, the 9th Circuit concluded that the defendant may be vicariously liable for the third-party contractor’s calls because it might have ratified them. The appellate court noted that the defendant knew that it received 2.1 million warm-transferred calls from the company between January 2017 and June 2018, but only 80,081 of those transfers were from individuals who had allegedly consented to receiving the calls. The defendant also had knowledge that there was a slew of mismatched caller data, and that the third-party contractor placed calls using prerecorded voices. The appellate court wrote that, “[t]hese facts, in combination with the evidence of widespread TCPA violations in the cruise industry, would support a finding that [the defendant] knew facts that should have led it to investigate [the company’s] work for TCPA violations.”