Consumer Financial Services Law Monitor

Consumer Financial Services Law Monitor

monitoring the financial services industry to help companies navigate through regulatory compliance, enforcement, and litigation issues

Ronald I. Raether, Jr.

Ronald I. Raether, Jr.

Blog Role:
Editor – Cyber Security, Information Governance & Privacy

CFS Value:
Ron Raether understands technology and specializes in responding to data integrity events (breach response) and advising companies on maximizing data use through multiple regulatory environments.

Subscribe to all posts by Ronald I. Raether, Jr.

Second Circuit Affirms Dismissal of Putative Data Breach Class Action Against Michaels

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
On May 23, 2017, in Whalen v. Michaels Stores, Inc., the United States Court of Appeals for the Second Circuit issued a summary order affirming the district court’s dismissal of a putative data breach class action based on lack of Article III standing. As background, the named plaintiff Mary Jane Whalen made credit card purchases at… Continue Reading

NY AG Settles with IoT Company over Security Practices

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
On May 22, 2017, New York Attorney General Eric Schneiderman announced a settlement with Safetech Products LLC (“Safetech”) over allegations that the Internet of Things (IoT) company sold insecure wireless door and padlocks.  According to the Attorney General, the settlement marks the first time a state Attorneys General has taken legal action against a wireless… Continue Reading

Class Action Filed Against Chipotle for Data Security Breach Involving Payment Processing System

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On May 4, Bellwether Community Credit Union filed a class action suit on behalf of a proposed class of financial institutions in Colorado federal court against Chipotle Mexican Grill, Inc., claiming that the chain’s recently announced data breach caused significant financial harm to the credit union.  Bellwether’s complaint alleges that Chipotle’s purportedly lax security standards… Continue Reading

Join Us for the ISSA Summit in LA on May 18-19

Posted in ALL CFS Blog Entries, CFS Events, Cyber Security, Information Governance & Privacy
We are pleased to announce that Troutman Sanders partner Ronald Raether will be a featured speaker at the Ninth Annual Information Security Summit hosted by the Los Angeles Chapter of the Information Systems Security Association (ISSA) at the Universal City Hilton.  During a lunch panel discussion on May 19, Ron will address emerging topics in privacy and… Continue Reading

Spokeo Strikes Again: Fourth Circuit Reverses and Dismisses $12 Million FCRA Class Action on Spokeo Grounds

Posted in ALL CFS Blog Entries, Background Screening, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors, Featured Posts
In one of the most significant post-Spokeo decisions to date, the Fourth Circuit unanimously reversed and dismissed a nearly $12 million Fair Credit Reporting Act (“FCRA”) class action judgment, finding plaintiff, Michael T. Dreher, lacked Article III standing to bring his claims. The decision provides much needed clarity from the Fourth Circuit on the viability… Continue Reading

FTC and NHTSA to Hold Workshop on Connected Vehicles

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The Federal Trade Commission and the National Highway Traffic Safety Administration are teaming up to hold a workshop on June 28, 2017 related to privacy and security issues posed by connected vehicles.  The FTC has requested that comments related to this issue be submitted online or by mail by May 1. “Connected vehicles” include most… Continue Reading

California’s Regulation Regarding Consideration of Criminal History in Employment Decisions

Posted in ALL CFS Blog Entries, Background Screening, Credit Reporting & Data Brokers
The Fair Employment and Housing Council published the final text for the “Consideration of Criminal History in Employment Decisions” regulation on March 27, 2017.  This regulation, effective July 1, 2017, impacts employers’ consideration of criminal history information for employment purposes, including those related to layoffs.  Employers are well-advised to take a fresh look at their… Continue Reading

Court Preliminarily Approves $1.2M FACTA Class Action Settlement Against Microsoft

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers
The United States District Court for the Southern District of Florida recently granted preliminary approval of a Fair and Accurate Credit Transactions Act (“FACTA”) class action against Microsoft Corporation. In Guarisma v. Microsoft Corp., the named plaintiff, Carlos Guarisma, filed a putative class action against Microsoft in November 2015, alleging that the software company’s retail… Continue Reading

Join Us at the NAPBS 2017 Mid-Year Legislative & Regulatory Conference

Posted in ALL CFS Blog Entries, Background Screening, Credit Reporting & Data Brokers
We are pleased to announce that Troutman Sanders partners David Anthony, Cindy Hanson,  Ron Raether, and Ashley Taylor will be featured panelists at the National Association of Professional Background Screeners (“NAPBS”) 2017 Mid-Year Legislative & Regulatory Conference to be held March 20-21 in Arlington, Virginia.  In an interview-style format, David will have a conversation with… Continue Reading

FTC and NJ AG Announce Settlement with Vizio over Collecting Consumer Viewing Habits

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
On February 6, the FTC and the New Jersey Office of the Attorney General announced a $2.2 million settlement with Vizio, Inc. over allegations the TV manufacturer installed software on its TVs to collect viewing data on 11 million consumers without their knowledge or consent.  According to the complaint, Vizio manufactured smart TVs that allowed… Continue Reading

FTC’s Latest Message to IoT Industry Comes as Complaint Against D-Link Alleging UDAP Violation Related to Security Vulnerabilities

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
On January 5, the Federal Trade Commission filed a complaint against D-Link Corporation, a Taiwanese corporation, and D-Link Systems, Inc., a California corporation and a subsidiary of D-Link Corporation.  D-Link sells Internet of Things (“IoT”) devices and software to support such devices.  Specifically, D-Link sells routers which transfer data packets along a network and which… Continue Reading

FDA’s Postmarket Management of Cybersecurity in Medical Devices

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On December 28, the U.S. Food and Drug Administration issued its “nonbinding recommendations” guidance for addressing post-market cybersecurity vulnerabilities in medical devices under the title “Postmarket Management of Cybersecurity in Medical Devices.”[1] By its terms, the recommendations are for a “risk-based framework for assessing when changes to medical devices for cybersecurity vulnerabilities require reporting to… Continue Reading

Student Loan Servicer Agrees to $17.5M TCPA Class Action Settlement

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
On January 26, the United States District Court for the Southern District of Indiana granted preliminary approval of a $17.5 million Telephone Consumer Protection Act class action against Navient Solutions Inc.  According to the original Complaint, plaintiff Randy Johnson received multiple telephone calls on his cell phone from Navient, a student loan servicing and collection… Continue Reading

NHTSA and DOT Propose Rule Mandating Vehicle-to-Vehicle Communication on Light Vehicles

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The National Highway Traffic Safety Administration and the Department of Transportation have issued a Notice of Proposed Rulemaking for autonomous and connected cars.  The NPRM “proposes to establish a new Federal Motor Vehicle Safety Standard” under 40 CFR 571 to mandate vehicle-to-vehicle (V2V) communications for new light vehicles and to standardize the message and format… Continue Reading

Ninth Circuit Reverses Dismissal of Plaintiffs’ FCRA Complaint against Fannie Mae

Posted in ALL CFS Blog Entries, Background Screening
In an unpublished decision, the Ninth Circuit Court of Appeals ruled that a complaint sufficiently alleged that Federal National Mortgage Association (“Fannie Mae”) may act as a consumer reporting agency (“CRA”) under the Fair Credit Reporting Act, which could potentially subject Fannie Mae to the accuracy requirements imposed by section 1681e(b) of the FCRA. In… Continue Reading

NY AG Settles with Acer for $115,000 over Data Breach

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
On January 26, New York Attorney General Eric Schneiderman announced a settlement with Acer Service Corporation over an alleged data breach involving more than 35,000 credit card numbers, including the credit card information and other personal information of 2,250 New York residents.  As part of the settlement, Acer agreed to pay $115,000 in penalties and… Continue Reading

Telecommunications Service Provider Does Not Have Standing to Sue Under TCPA

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
In Telephone Science Corporation v. Asset Recovery Solutions, the United States District Court for the Northern District of Illinois recently held that Telephone Science Corporation (“TSC”), a telecommunications company, did not have standing to pursue its Telephone Consumer Protection Act claims against Asset Recovery Solutions, LLC (“ARS”), a debt collection company. TSC operates a service… Continue Reading

New York Financial Regulator Revises Proposed Cybersecurity Regulation

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
On December 28, the New York Department of Financial Services (“NY DFS”) released its highly anticipated revised cyber security rule.  As we previously noted here, the proposed regulations would require banks, insurance companies, and other financial services institutions to establish and maintain a cybersecurity program and to take other measures to protect against data breaches… Continue Reading

OPM Issues Final Rule on Inquiring into Job Applicants’ Criminal History and Credit Information

Posted in ALL CFS Blog Entries, Background Screening, Credit Reporting & Data Brokers
Effective January 3, 2017, the Office of Personnel Management will require that, unless an exception has been granted, federal hiring agencies cannot inquire into an applicant’s criminal history or adverse credit information until after a conditional offer of employment has been made.  This federal initiative is consistent with, and provides a timely reminder of, the… Continue Reading

Responding to a Data Breach: The FTC’s Guide

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
The FTC issued a new video and updated guide for businesses on how to respond to a data breach.  The three steps identified in the guide and discussed in the video are: Secure your operations – This step focuses on preventing further attacks due to the same vulnerabilities. Mobilize your breach response team Engage a… Continue Reading

FTC Issues Comments on NHTSA’s Federal Automated Vehicles Policy

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
On November 21, the Director of the Bureau of Consumer Protection of the Federal Trade Commission commented on the National Highway Traffic Safety Administration’s Federal Automated Vehicles Policy.  The Director opened the comment with a brief review of the FTC’s focus on privacy and security efforts related to connected devices and the Internet of Things: … Continue Reading

Data Privacy: The Current Legal Landscape

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
Data Privacy Professionals: Navigating the rapidly shifting contours of data privacy law demands a pragmatic approach. To that end, we hope you benefited from our inaugural publication. Like our prior editions, this quarterly update provides practitioners with functional issue-spotting guidance for application in the evolving data privacy and cybersecurity arenas. The results and analyses discussed… Continue Reading

Join Us on November 10 for a Discussion on Spokeo

Posted in ALL CFS Blog Entries, CFS Events, Credit Reporting & Data Brokers
Join Troutman Sanders partners David N. Anthony and Ronald I. Raether, Jr. for a complimentary webinar discussion on November 10 at 12:00 noon EST on the Spokeo Inc. v. Robins case which was decided by the United States Supreme Court on May 16, 2016.  Troutman Sanders has been following this case throughout its lifecycle and reporting… Continue Reading

Nationwide’s Petition for Rehearing Denied in Data Breach Class Action

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On October 12, the Sixth Circuit denied Nationwide Mutual Insurance Company’s petition for rehearing en banc on the Court’s decision to revive a putative class action stemming from a 2012 data breach.  According to the plaintiffs’ class action complaint, hackers who breached Nationwide’s computer network on October 3, 2012, stole the personal information of the named… Continue Reading