On December 4, the CFPB fined a New Jersey-based debt-settlement service provider $69,075 in civil monetary penalties for alleged violations of the FTC’s Telemarketing Sales Rule (TSR). The CFPB alleged that the firm charged upfront fees to consumers which are prohibited for debt-settlement services. Further, the CFPB charged that the firm failed to provide debt-settlement services to consumers which harmed their credit history. In addition to the civil money penalty, the consent order requires the firm submit a compliance plan that includes (i) written policies and procedures designed to prevent violations of the TSR; (ii) training programs addressing the TSR and Federal consumer financial laws; (iii) written compliance monitoring processes; (iv) consumer complaint monitoring process; and (v) specific deadlines for when the compliance plan will be completed.
On January 28, the FTC released a comprehensive report detailing what the so-called “Internet of Things” is, how it is being used, and how both consumers and businesses can protect themselves. The report defines the Internet of Things as “devices or sensors – other than computers, smartphones, or tablets – that connect, store or transmit information with or between each other via the Internet,” and that are sold to or used by consumers. The report focuses on consumer privacy and security and offers a variety of recommendations for those companies offering devices that fall within the definition, including that security be a key part of the design process and data collection be limited where possible. The report does not call for new legislation specific to the Internet of Things because the FTC believes such legislation would be premature. The FTC states that it will use existing authority under laws such as the FTC Act, the Fair Credit Reporting Act, the Hi-Tech Act, and the Children’s Online Privacy Protection Act to take actions against Internet of Things products and services as necessary to protect consumers.
On November 19, the DOJ issued a press release announcing charges against six employees of a Georgia-based debt collection company for allegedly running a $4.1 million dollar debt collection scam. According to the press release, from approximately 2009 to May 2014, the accused employees allegedly falsely represented themselves as affiliated with various law enforcement agencies, and made a variety of false statements to consumers in an attempt to coerce them into making payments to the debt collection company. The action appears to be the first case in which multiple federal agencies – U.S. Attorneys’ Office, CFPB, FBI, and the FTC – have taken a coordinated action against a debt collector. The complaint was filed in the Southern District of New York.
On October 23, the CFPB and the FTC will hold a roundtable to discuss the effects of debt collection and credit reporting in the Latino community. The event will focus on the customers with limited English proficiency, and is scheduled to take place from 9 a.m. to 5 p.m. in Long Beach, CA.
On October 8, the FCC announced a $105 million settlement – the largest in the agency’s history – with a mobile telephone company to resolve allegations that the company engaged in unauthorized billing practices. According to the FCC, the company charged customers for third-party services, such as subscriptions for ringtones, wallpapers, and certain premium text messages, for which they did not sign up. Many customers contested the charges, only to discover that the company either refused to issue refunds or refunded them for only one or two months. Under the terms of the settlement, which the FCC negotiated with the FTC and the attorney generals of the 50 states and the District of Columbia, the company must pay $80 million to the current and former customers affected by its billing practices, $20 million to the state governments involved in the settlement, and $5 million to the U.S. Treasury.
On September 23, the Federal Trade Commission released a statement announcing the settlement of claims and a default judgment against a debt collection operation based out of Atlanta and Cleveland and its principals, barring them from debt collection activities and subjecting the defendants to a judgment of over $9.3 million. According to the release, the defendants violated FDCPA by threatening consumers with legal action unless they rendered payment on debts that the consumer, in many cases, did not actually owe. The defendants were alleged to use fictitious business names that implied affiliation with a law firm to harass consumers, through robocalls and voicemails, to make payments on these non-existent debts.
Federal Appeals Court Upholds District Court Order Barring Telemarketers From Selling Mortgage And Debt Relief Programs
This month, the U.S. Court of Appeals for the Sixth Circuit issued a decision to uphold the District Court of Northern Ohio’s earlier ruling prohibiting the defendants from selling false mortgage assistance and debt relief programs through a telemarketing scheme. F.T.C. v. E.M.A. Nationwide, Inc., No. 1:12-CV-2394 (N.D. Ohio Aug. 27, 2013). Since at least mid-2010, the defendants were allegedly deceiving consumers by promising that the programs would “help them pay, reduce, or restructure their mortgage and other debts.” According to the FTC’s press release, in September 2012, the defendants were charged with violations of: (i) the FTC Act; (ii) the Commission’s Telemarketing Sales Rule; and (iii) the Mortgage Assistance Relief Services Rule. The court ordered the defendants to jointly pay restitution of more than $5.7 million to the consumers affected by the fraudulent practices.
On September 12, a mortgage refinancing lead generator, Intermundo Media, LLC (doing business as Delta Prime Refinance), agreed to pay a $500,000 civil penalty, among other things, to settle the FTC’s allegations that the company produced and distributed false advertisements that misrepresented to consumers that they could refinance their mortgages at no cost. The FTC’s complaint alleged that Intermundo’s advertisements violated the Federal Trade Commission Act, the Mortgage Acts and Practices Advertising Rule, or “MAP” Rule, and Regulation N, and the Truth in Lending Act and Regulation Z. The advertisements, which were published on the company’s own website, as well as websites such as Google, Microsoft, AOL, and Yahoo!, allegedly exaggerated the amount that consumers could reduce their payments if they refinanced their mortgages, the amount that their refinanced APR would be, and how easy it would be to qualify for refinancing. Some of the advertisements falsely claimed that there were no fees associated with the refinancing, and other advertisements claimed that fixed interest rates were available, when the rates actually were variable. As part of the settlement, Intermundo will pay a $500,000 civil penalty and will be enjoined from committing further violations and from selling, disclosing or transferring the consumer data obtained through the Delta Prime Refinance lead generation service. The complaint was filed in the U.S. District Court for the District of Colorado, and the proposed consent decree, which contains the terms of the settlement, is subject to court approval.
Recently, the CFPB signed a memorandum of understanding with the Departments of Veterans Affairs, Defense and Education to improve outreach and transparency to veterans and servicemembers by providing meaningful information to help them make informed decisions when selecting an institution of higher learning, including access to financial cost and performance outcome information. These improvements for military educational benefit recipients are designed to prevent deceptive recruiting practices and ensure that educational institutions provide high-quality academic and support services to veterans and servicemembers. Specifically, the agreement requires the CFPB to (i) designate the Assistant Director for Servicemember Affairs, Holly Petraeus, as the point of contact for information sharing processes among the Departments of Veterans Affairs, Defense and Education; (ii) alert agencies to patterns of noncompliance; and (iii) provide complaint data to the FTC. On August 26, the CFPB issued a press release describing this agreement as a means to better protect veterans, servicemembers, and their family members attending college by carrying out “a comprehensive strategy to strengthen enforcement and compliance work.” The agreement is effective July 18, 2014.
On August 22, the CFPB and the federal banking agencies (Fed, OCC, FDIC and NCUA) issued interagency guidance regarding unfair or deceptive credit practices (UDAPs). The guidance clarifies that “the repeal of the credit practices rules applicable to banks, savings associations, and federal credit unions is not a determination that the prohibited practices contained in those rules are permissible.” Notwithstanding the repeal of these rules, the agencies preserve supervisory and enforcement authority regarding UDAPs. Consequently, the guidance cautions that “depending on the facts and circumstances, if banks, savings associations and Federal credit unions engage in the unfair or deceptive practices described in the former credit practices rules, such conduct may violate the prohibition against unfair or deceptive practices in Section 5 of the FTC Act and Sections 1031 and 1036 of the Dodd-Frank Act. The Agencies may determine that statutory violations exist even in the absence of a specific regulation governing the conduct.” The guidance also explains that the FTC Rule remains in effect for creditors within the FTC’s jurisdiction, and can be enforced by the CFPB against creditors that fall under the CFPB’s enforcement authority.
On August 19, the FTC approved final orders resolving allegations that two companies: (i) misrepresented the level of security of their mobile applications; and (ii) failed to secure the transmission of millions of consumers’ sensitive personal information. The FTC alleged that one company’s application assured consumers that their credit card information was stored and transmitted securely even though the company disabled a higher level of security validation, which allowed such credit card information to be intercepted. In addition, the company allegedly failed to have an adequate process for receiving vulnerability reports from security researchers and other third parties. The FTC alleged that the second company also disabled enhanced security validation despite claiming that it followed industry-leading security precautions, which also left consumers’ information vulnerable to interception. The final settlement orders require both companies to establish comprehensive programs designed to address security risks during the development of their applications and to undergo independent security assessments every other year for the next 20 years. The settlements also prohibit the companies from misrepresenting the level of privacy or security of their products and services.
On August 14, the Center for Digital Democracy (CDD) announced that it filed a complaint with the FTC claiming that 30 U.S. companies are compiling, using, and sharing EU consumers’ personal information without their awareness and meaningful consent, in violation the U.S.-EU Safe Harbor Framework. The U.S.-EU Safe Harbor Framework established a self-certification program that allows a company to collect information from European consumers without strictly following the EU’s more stringent data protection standards, provided the company (i) provides clear notice of their data-collection practices and data uses; and (ii) allows consumers to “opt-out” of data collection practices to which they did not previously agree. According to its press release, the CDD wants the FTC to investigate the companies for “relying on exceedingly brief, vague, or obtuse descriptions of their data collection practices, even though [U.S.-EU] Safe Harbor requires meaningful transparency and candor.” The complaint identifies several broad concerns that the CDD claims illustrate the inadequacy of the U.S.-EU Safe Harbor Framework, including: (i) the failure of U.S.-EU Safe Harbor declarations and required privacy policies to provide accurate and meaningful information to EU consumers; (ii) a lack of transparency by companies about their data collection; and (iii) the failure of companies to provide meaningful opt-out mechanisms. The FTC has already taken more than a dozen actions this year to enforce the U.S.-EU Safe Harbor Framework.
On August 1, the FTC released a staff report on the agency’s review of shopping apps—those used for comparison shopping, to collect and redeem deals and discounts, and to complete in-store purchases. The FTC staff examined information available to consumers before they download the software onto their mobile devices—specifically, information describing how apps that enable consumers to make purchases dealt with fraudulent or unauthorized transactions, billing errors, or other payment-related disputes. The staff also assessed information on how the apps handled consumer data. The FTC staff determined that the apps studied “often failed to provide pre-download information on issues that are important to consumers.” For example, according to the report, few of the in-store purchase apps provided any information prior to download explaining consumers’ liability or describing the app’s process for handling payment-related disputes. In addition, according to the FTC, most linked privacy policies “used vague language that reserved broad rights to collect, use, and share consumer data, making it difficult for readers to understand how the apps actually used consumer data or to compare the apps’ data practices.” The FTC staff recommends that companies that provide mobile shopping apps to consumers: (i) disclose consumers’ rights and liability limits for unauthorized, fraudulent, or erroneous transactions; (ii) clearly describe how they collect, use, and share consumer data; and (iii) ensure that their strong data security promises translate into strong data security practices. The report also includes recommended practices for consumers.
On July 23, the CFPB, the FTC, and 15 state authorities coordinated to take action against foreclosure relief companies and associated individuals alleged to have employed deceptive marketing tactics to obtain business from distressed borrowers. The CFPB filed three suits, the FTC filed six, and the state authorities collectively initiated 32 actions. For example, the CFPB claims the defendants (i) collected fees before obtaining a loan modification; (ii) inflated success rates and likelihood of obtaining a modification; (iii) led borrowers to believe they would receive legal representation; and (iv) made false promises about loan modifications to consumers. The CFPB and FTC allege that the defendants violated Regulation O, formerly known as the Mortgage Assistance Relief Services (MARS) Rule, and that some of the defendants also violated the Dodd-Frank Act’s UDAAP provisions and Section 5 of the FTC Act, respectively. The state authorities are pursuing similar claims under state law. For example, New York Attorney General Eric Schneiderman announced that he served a notice of intent to bring litigation against two companies and an individual for operating a fraudulent mortgage rescue and loan modification scheme that induced consumers into paying large upfront fees but failed to help homeowners avoid foreclosure.
On May 27, the FTC released a report that claims—based on a study of nine data brokers—that data brokers generally operate with a “fundamental lack of transparency.” The FTC describes data brokers as companies that collect personal information about consumers from a wide range of sources and then provide that data for purposes of verifying an individual’s identity, marketing products, and detecting fraud or otherwise mitigating risk. The report is based in part on the nine brokers’ responses to FTC orders that required the brokers to provide information about: (i) the nature and sources of the consumer information the data brokers collect; (ii) how they use, maintain, and disseminate the information; and (iii) the extent to which the data brokers allow consumers to access and correct their information or to opt out of having their personal information sold or shared. The report summarizes the companies’ data acquisition processes, their product development and the types of products they provide, the quality of the data collected and sold, the types of clients to whom the data is sold, and consumer controls over the information. The FTC recommends that Congress consider enacting data broker legislation that would, among other things: (i) require data brokers to give consumers access to their data and the ability to opt out of having it shared for marketing purposes; (ii) require data brokers to clearly disclose that they not only use raw data, but that they also derive certain inferences from the data; (iii) address gaps in FCRA to provide consumers with transparency when a company uses a data broker’s risk mitigation product that limits a consumer’s ability to complete a transaction; and (iv) require brokers who offer people search products to allow consumers to access their own information and opt out of the use of that information, and to disclose the sources of the information and any limitations of the opt out.