On May 7, the U.S. Attorney for the Southern District of New York announced mail and wire fraud charges against a debt settlement firm, its owner, and three of its employees. The government alleges the defendants lied to prospective customers about (i) fees associated with the company’s debt relief products, (ii) the company’s purported affiliation with the federal government and leading credit bureaus, and (iii) the results achieved for its customers. On the same day, the CFPB filed a civil complaint against the same debt relief provider and one other company in which the CFPB alleges the firms violated the FTC’s Telemarketing Sales Rule and the Dodd-Frank Act by charging consumers illegal advance fees for debt-settlement services. The CFPB is seeking to halt the operations, collect civil penalties, and obtain customer redress.

On May 3, the FTC approved a final order settling charges against a California-based cord blood bank firm alleged to have violated the FTC Act by failing to use reasonable and appropriate procedures for handling customers’ personal information, despite its privacy policy claims to the contrary. Further, the FTC alleged that the firm created unnecessary risks to personal information by transporting portable data storage devices containing personal information in a manner that made the information vulnerable to theft, and failed to prevent, detect and investigate unauthorized access to computer networks. According to the FTC, these practices resulted in a data breach in which certain portable devices were stolen from an employee’s personal vehicle and the personal information of nearly 300,000 customers was compromised. The settlement requires the company to establish a comprehensive information security program and submit to security audits by independent auditors every other year for 20 years, and prohibits the company from misrepresenting the privacy and security of information collected from consumers.

On May 7, the FTC released letters it sent to 10 data brokers warning that certain of the brokers’ practices could violate FCRA privacy protections. The announcement states that data broker companies that collect, distribute or sell information about consumers’ creditworthiness, eligibility for insurance, or suitability for employment are subject to FCRA, and as such, have an obligation to reasonably verify the identities of their customers and make sure that customers have a legitimate purpose for receiving consumer information. The letters were issued pursuant to an FTC “test-shopping” operation as part of an international privacy practice transparency sweep conducted by the Global Privacy Enforcement Network. The operation and subsequent warnings letters are the latest move by the FTC to address data broker compliance with FCRA. Last year, the FTC ordered certain data brokers to produce information about their collection and use of consumer data and announced at least one settlement with a data broker regarding FCRA compliance. However, the letters do not constitute an official notice that the companies are subject to FCRA or act as formal complaints, but rather “remind” the companies to review their practices to determine whether they are consumer reporting agencies subject to FCRA.

On May 1, the FTC and the CFPB announced a roundtable to “examine the flow of consumer data throughout the debt collection process” and discuss (i) the amount of documentation and other information currently available to different types of collectors and at different points in the debt collection process, (ii) the information needed to verify and substantiate debts, (iii) the costs and benefits of providing consumers with additional disclosures about their debts and debt-related rights, and (iv) information issues relating to pleading and judgment in debt collection litigation. The event will be held on June 6, 2013 in Washington, DC and is open to the public.

On April 25, the FTC issued updated FAQs on the recently amended Children’s Online Privacy Protection Act Rule. The FAQs provide supplemental guidance designed to help website operators, mobile application developers, plug-ins and advertising networks operating on child-directed websites and online services prepare for the amended regulations, which take effect on July 1, 2013.

On April 17, the FTC requested input on the consumer privacy and security issues posed by the connectivity of consumer devices in advance of a public workshop to be held on November 21, 2013. The request notes that connected devices can communicate with consumers, transmit data back to companies, and compile data for third parties. While advances in connected devices provide consumer benefits, greater connectivity also poses privacy and security risks. The FTC seeks comment on (i) the significant developments in services and products that make use of this connectivity, (ii) the technologies that enable this connectivity (e.g., RFID, barcodes, wired and wireless connections), (iii) the current and future uses of smart technology, (iv) consumer benefits, (v) privacy and security concerns, and (vi) how privacy risks should be weighed against potential societal benefits. The FTC is accepting comments through June 1, 2013.

On March 20, the CFPB presented to Congress its annual report on implementation and enforcement of the FDCPA. The report (i) summarizes the Bureau’s Consumer Response function, which does not currently cover debt collection complaints, and the number and types of consumer complaints regarding debt collection received by the FTC in 2012, (ii) describes the CFPB’s debt collection supervision program, (iii) presents recent enforcement and advocacy program developments, (iv) discusses recent education and outreach, as well as research and policy initiatives, and (v) discusses coordination and cooperation between the CFPB and the FTC. Because the FTC and the CFPB share FDCPA implementation and enforcement responsibilities, the report incorporates a letter from the FTC regarding its FDCPA-related activities. The CFPB reported that the FTC continues to receive more complaints for the debt collection industry than for any other. The report also highlights (i) the debt collection aspects of a CFPB enforcement action against a credit card company, (ii) the Supreme Court’s recent decision upholding court discretion to award costs to prevailing FDCPA defendant creditors, and (iii) FTC enforcement activities.

On March 8, the FTC released a report on mobile payments by consumers. The report, based on a FTC workshop held in April 2012, focuses on financial, security, and privacy consumer protections. The FTC encourages companies to develop clear dispute resolution policies to address customer claims of fraudulent mobile payments or unauthorized charges. The report highlights “special concerns” with mobile carrier billings, in which mobile carriers place charges on phone bills on behalf of third-parties, based on the FTC’s concern that there are no federal statutory protections governing consumer disputes about fraudulent or unauthorized charges placed on mobile carrier bills. The FTC also encourages industry-wide adoption of strong security measures and suggests ways sensitive financial information can be kept secure during the mobile payment process, including end-to-end encryption. The report highlights the need for mobile payment companies to practice “privacy by design,” incorporating strong privacy practices, consumer choice, and transparency into their products from the outset. Finally, the report notes privacy issues arising from the consolidation of consumers’ personal information in the mobile payment process.

Yesterday, the FTC released guidance for mobile and other online advertisers. The new guidance, “.com Disclosures: How to Make Effective Disclosures in Digital Advertising,” adapts and expands prior FTC guidance to account for a decade’s worth of additional experience with online marketing practices, consumers’ increasing use of smartphones, and merchants’ increasing use of social media marketing.

The new guidance highlights several key considerations for businesses as they develop advertisements for online and mobile media:

• The same consumer protection laws – e.g. UDAP – that apply to commercial activities in other media apply online and in the mobile marketplace.
• Limitations and qualifying information should be incorporated into any underlying claim, rather than provided as a separate disclosure qualifying the claim.
• Marketing materials that may be viewed on a variety of platforms, including handheld devices, should be designed so that required disclosures are effectively delivered on all of the platforms.
• Required disclosures must be clear and conspicuous, as determined by numerous factors.
• If a disclosure is necessary to prevent an advertisement from being deceptive, unfair, or otherwise violative of a FTC rule, and it is not possible to make the disclosure clearly and conspicuously, then that ad should not be disseminated.

To meet the clear and conspicuous standard, Read more…

On February 28, the FTC announced that President Obama will designate Edith Ramirez as Chairman of the FTC, effective March 4, 2013. Ms. Ramirez became an FTC commissioner on April 5, 2010, and has focused on promoting competition and innovation in the technology and healthcare sectors, protecting vulnerable consumers from deceptive and unfair practices, and safeguarding consumer privacy. Prior to joining the FTC, Ms. Ramirez was a lawyer in private practice, and before that served as the Vice President on the Board of Commissioners for the Los Angeles Department of Water and Power.

On February 20, the FTC announced that it obtained a preliminary injunction in the U.S. District Court for the District of Nevada against a firm and affiliated entities alleged to have debited consumers’ bank accounts and charged their credit cards small amounts, without authorization. Although the FTC does not yet know how the defendants obtained the consumers’ financial information, the FTC states that some consumers had recently applied for payday loans via the Internet. The FTC’s complaint alleges that the firms attempted to conceal the scheme by (i) creating dozens of shell companies to open merchant accounts with payment processors that enable merchants to get customers’ money via electronic banking, (ii) registering more than 230 Internet domain names, often using identity-hiding services and auto-forward features, and (iii) inflating their total number of deposits and lowering their return rates by taking multiple unauthorized debits of a few pennies each, and then immediately refunding them before making a larger debit of about $30. The FTC is seeking, among other things, restitution and a permanent injunction. The FTC was assisted in its investigation by the Utah Department of Commerce’s Division of Consumer Protection and the Arkansas Attorney General Office’s Consumer Protection Division.

On February 1, the FTC sent a letter to the CFPB describing the FTC’s debt collection-related activities over the past year. The responsibility to report to Congress each year on implementation and enforcement of the FDCPA shifted from the FTC to the CFPB last year, but given their shared authority with regard to the FDCPA, the CFPB relies on the FTC to provide information for inclusion in its annual report. The FTC letter recaps the agency’s law enforcement efforts, including the filing or resolution of four actions against collectors alleged to have engaged in deceptive, unfair, or abusive conduct and the filing or resolution of three actions related to phantom debt collection. The letter also highlights outreach and policy activities, including the FTC’s recent debt buyer study.

On February 4, the California Court of Appeal, Third District, held the FTC’s Holder Rule allows borrowers to assert claims against a lender assignee that they might otherwise have against the auto dealer with whom the borrowers entered the installment contract. Lafferty v. Wells Fargo Bank, No. C0678812, 2013 WL 412900 (Cal. App. Ct. Feb. 4, 2013). The borrowers stopped making payments on their motor home, disclaimed their ownership interest, and filed suit against the dealer with whom they financed the purchase of the vehicle after the dealer refused to make repairs to the vehicle. Relying upon the FTC’s Holder Rule, which requires language in every consumer installment contract to state that any holder of the consumer credit contract is subject to all claims and defenses which the debtor could assert against the seller of the goods, the borrowers sued the bank to whom their loan had been assigned. After a trial court dismissed the case, the borrowers appealed. The appeals court reversed the judgment, holding that the “plain meaning of the Holder Rule allows the [borrowers] to assert claims against [the bank] they might otherwise have against [the dealer],” but limited the borrowers’ recovery to the actual amounts paid under the installment contract. The appeals court declined to follow courts in other jurisdictions that looked beyond the plain meaning of the rule to assess the FTC’s original intent in adopting the rule, and rejected the bank’s argument that the Reese-Levering Act limits the borrowers’ right to rescission of the contract. The appeals court also held that the borrowers stated causes of action against the bank under the CLRA and for negligence, but that their claim for negligent defamation of credit was preempted by the Fair Credit Reporting Act. The appeals court reversed the trial court order.

On February 11, the FTC released the results of its study of the U.S. credit reporting industry, including its finding that five percent of consumers had errors on one of their three major credit reports that could lead to them paying more for products. The study also found that (i) one in four consumers identified errors on their credit reports that might affect their credit scores; (ii) one in five consumers had an error that was corrected by a credit reporting agency (CRA) after it was disputed; (iii) four out of five consumers who filed disputes experienced some modification to their credit report, with slightly more than one in 10 noticing a change in their credit score after the agencies modified errors on their credit report; (iv) approximately one in 20 consumers had a maximum score change of more than 25 points and only one in 250 consumers had a maximum score change of more than 100 points. The main types of disputed and confirmed material errors identified by the study were errors in the trade line (consumer accounts) or collections information. The FTC report is the first major study that looks at the full range of participants in the credit reporting and scoring process, including consumers; data furnishers, which include creditors, lenders, debt collection agencies, and the court system; the Fair Isaac Corporation, which develops FICO credit scores; and the national CRAs. The FTC is required to conduct a study of credit report accuracy and provide interim reports every two years, through 2012, with a final report due in 2014. Late last year, the CFPB, which shares jurisdiction over CRAs, published a white paper on its review of how the three largest CRAs manage consumer data and complaints.