Consumer Financial Services Law Monitor

Consumer Financial Services Law Monitor

monitoring the financial services industry to help companies navigate through regulatory compliance, enforcement, and litigation issues

Cyber Security, Information Governance & Privacy

Subscribe to Cyber Security, Information Governance & Privacy RSS Feed

New Jersey Bill Limits Use of Driver’s License Information by Retailers

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The New Jersey legislature recently passed a bill that places restrictions on retailers’ ability to collect and use personal information gleaned from driver’s licenses.  The bill, known as the Personal Information and Privacy Protection Act, is intended to give consumers more control and security over their personal information.  A copy of the bill can be… Continue Reading

Join Us on August 10 for a Webinar on A Review of the New York Cybersecurity Framework

Posted in ALL CFS Blog Entries, CFS Events, Cyber Security, Information Governance & Privacy, Featured Posts
Join Troutman Sanders attorneys Shannon VanVleet Patterson and Sheila M. Pham for a complimentary webinar on August 10, 2017 from 3:00 – 4:00 p.m. ET. On March 1, 2017, the revised Cybersecurity Requirements for Financial Services Companies adopted by the New York Department of Financial Services (“NY DFS”) became effective.  This regulation requires banks, insurance companies, and other financial… Continue Reading

TCPA Class Decertified in Missouri Federal Court

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
In a long-running Telephone Consumer Protection Act class action, Missouri District Judge Catherine Perry recently granted defendant Vein Centers for Excellence Inc.’s motion to decertify the class.  As background, Vein Centers is a marketing firm that provides graphic design and other services to doctors.  The named plaintiff, St. Louis Heart Center, Inc., filed this putative… Continue Reading

Cheesecake Factory Tries to Dismiss Putative FACTA Class Action on Spokeo Grounds

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
The Cheesecake Factory Restaurants, Inc. recently asked a New York federal district judge to dismiss a putative Fair and Accurate Transactions Act putative class action that accuses the restaurant chain of printing too many credit card numbers on consumers’ receipts.  Relying on the Supreme Court’s decision in Spokeo, Cheesecake Factory argues that the class action… Continue Reading

Second Circuit Affirms Dismissal of Putative Data Breach Class Action Against Michaels

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
On May 23, 2017, in Whalen v. Michaels Stores, Inc., the United States Court of Appeals for the Second Circuit issued a summary order affirming the district court’s dismissal of a putative data breach class action based on lack of Article III standing. As background, the named plaintiff Mary Jane Whalen made credit card purchases at… Continue Reading

NY AG Settles with IoT Company over Security Practices

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
On May 22, 2017, New York Attorney General Eric Schneiderman announced a settlement with Safetech Products LLC (“Safetech”) over allegations that the Internet of Things (IoT) company sold insecure wireless door and padlocks.  According to the Attorney General, the settlement marks the first time a state Attorneys General has taken legal action against a wireless… Continue Reading

State Attorneys General Reach $18.5M Agreement with Target Over 2013 Data Breach

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
On May 23, state attorneys general from 47 states and the District of Columbia announced a settlement agreement with Target Corporation to resolve the states’ investigation into the company’s 2013 data breach.  Under the terms of the Assurance of Voluntary Compliance (“AVC”), Target will pay $18.5 million to the states – the largest multistate data… Continue Reading

TCPA Is Not Dead Yet – Court Trebles Eight Figure TCPA Award While World Awaits ACA Decision

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors, Mortgage Lenders & Servicers
While the world eagerly awaits the D.C. Circuit’s forthcoming ruling on the proper interpretation of the Telephone Consumer Protection Act (TCPA), a recent federal court ruling imposing tens of millions of dollars of liability is a reminder of the risks associated with outbound calling activities and of the stakes at play in the ACA International… Continue Reading

Class Action Filed Against Chipotle for Data Security Breach Involving Payment Processing System

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On May 4, Bellwether Community Credit Union filed a class action suit on behalf of a proposed class of financial institutions in Colorado federal court against Chipotle Mexican Grill, Inc., claiming that the chain’s recently announced data breach caused significant financial harm to the credit union.  Bellwether’s complaint alleges that Chipotle’s purportedly lax security standards… Continue Reading

Join Us for the ISSA Summit in LA on May 18-19

Posted in ALL CFS Blog Entries, CFS Events, Cyber Security, Information Governance & Privacy
We are pleased to announce that Troutman Sanders partner Ronald Raether will be a featured speaker at the Ninth Annual Information Security Summit hosted by the Los Angeles Chapter of the Information Systems Security Association (ISSA) at the Universal City Hilton.  During a lunch panel discussion on May 19, Ron will address emerging topics in privacy and… Continue Reading

Spokeo Strikes Again: Fourth Circuit Reverses and Dismisses $12 Million FCRA Class Action on Spokeo Grounds

Posted in ALL CFS Blog Entries, Background Screening, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors, Featured Posts
In one of the most significant post-Spokeo decisions to date, the Fourth Circuit unanimously reversed and dismissed a nearly $12 million Fair Credit Reporting Act (“FCRA”) class action judgment, finding plaintiff, Michael T. Dreher, lacked Article III standing to bring his claims. The decision provides much needed clarity from the Fourth Circuit on the viability… Continue Reading

Chipotle Discloses Data Security Breach Related to Network Supporting Payment Processing for Restaurant

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Payment Processing & Cards
In its Form 10-Q dated April 25, 2017 for the quarterly period that ended on March 31, 2017, Chipotle Mexican Grill, Inc. announced that it had detected a data security breach in its electronic processing and transmission of confidential customer and employee information.  Specifically, Chipotle’s information security team detected unauthorized activity on the network that… Continue Reading

Defendants Move to Dismiss Putative FACTA Class Action Based on Spokeo

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
On April 7, defendants Wolfgang’s Steakhouse, Inc. and ZMF Restaurants LLC again urged a New York federal court judge to dismiss a Fair and Accurate Transactions Act putative class action based on the Supreme Court’s decision in Spokeo, Inc. v. Robins.  In Fullwood v. Wolfgang’s Steakhouse, Inc., plaintiff Cynthia Fullwood alleged that the defendants violated… Continue Reading

FTC and NHTSA to Hold Workshop on Connected Vehicles

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The Federal Trade Commission and the National Highway Traffic Safety Administration are teaming up to hold a workshop on June 28, 2017 related to privacy and security issues posed by connected vehicles.  The FTC has requested that comments related to this issue be submitted online or by mail by May 1. “Connected vehicles” include most… Continue Reading

Supreme Court Hears Oral Argument Involving Rule 23(f) Interlocutory Appeals

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
The United States Supreme Court recently heard oral argument in the case of Microsoft Corp. v. Baker, where the Court is set to determine whether a plaintiff can tactically circumvent Rule 23(f) of the Federal Rules of Civil Procedure.  Rule 23(f) provides for an interlocutory appeal of a district court’s denial of class certification.  The… Continue Reading

$5.3M Settlement of TCPA Class Action Against Taxi Cab Companies Preliminarily Approved

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The United States District Court for the Western District of Washington preliminarily approved a $5.3 million settlement of a Telephone Consumer Protection Act class action against taxi cab companies Orange Cab Company, Inc. and RideCharge, Inc.  According to the complaint, the defendants worked together to develop an app, known as “Taxi Magic,” for cell phones… Continue Reading

Ninth Circuit Reverses District Court’s Dismissal of Putative TCPA Class Action

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
The Ninth Circuit recently reversed a lower court’s dismissal of a Telephone Consumer Protection Act (TCPA) putative class action against Adir International, LLC (“Adir”), holding that Plaintiff Ned Flores (“Flores”) sufficiently alleged that Adir used an automatic telephone dialing system (“ATDS”) to send text messages to Flores. According to the First Amended Complaint, Adir is… Continue Reading

Largest Settlement of FACTA Class Action Against Restaurant Chain Granted Preliminary Approval

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
On March 23, the United States District Court for the Southern District of Florida granted preliminary approval of a nearly $31 million Fair and Accurate Credit Transactions Act (“FACTA”) class action settlement against Doctor’s Associates, Inc., doing business as Subway – the largest settlement to date in the history of FACTA.  According to the complaint,… Continue Reading

NY AG Announces Settlement with Health App Developers Over Marketing and Privacy Practices

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
On March 23, New York Attorney General Eric Schneiderman announced settlements with three health-related applications sold in Apple’s App Store and Google’s Play Store.  The settlements arose from allegations of misleading claims and irresponsible privacy practices.  Under the terms of the settlements, the developers agreed to provide additional information about how the apps were tested,… Continue Reading

TCPA Class Action Dismissed Based on Lack of Vicarious Liability

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
The United States District Court for the Southern District of California recently granted summary judgment in favor of defendant United Student Aid Funds, Inc. (“USAF”) in a Telephone Consumer Protection Act class action, holding that the plaintiff had failed to prove that USAF is vicariously liable for the acts of its third party servicers.  In… Continue Reading

SuperAmerica Convenience Store Agrees to $3.5 Million TCPA Class Action Settlement

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The parties in Soular v. Northern Tier Energy, LP et al. recently filed a motion for preliminary approval of a $3.5 million Telephone Consumer Protection Act (“TCPA”) class action in the District of Minnesota.  The three named plaintiffs in the case alleged that they received unsolicited marketing text messages from the defendant convenience store, known… Continue Reading

Bebe’s Motion to Decertify TCPA Classes Denied by California Federal Court

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On February 10, the United States District Court for the Northern District of California denied defendant Bebe Stores, Inc.’s motion to decertify the plaintiffs’ proposed classes in a Telephone Consumer Protection Act class action.  In Meyer v. Bebe Stores, Inc., the named plaintiffs alleged that they provided their cell phone numbers to Bebe in connection… Continue Reading

Ninth Circuit Affirms Summary Judgment in Favor of Defendants in TCPA Text Messaging Case

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The Ninth Circuit recently affirmed the district court’s grant of summary judgment in favor of the defendants in an action under the Telephone Consumer Protection Act regarding text messages about a gym membership. In Van Patten v. Vertical Fitness Group, LLC, Plaintiff-Appellant Bradley Van Patten visited a Gold’s Gym franchise to obtain information about a… Continue Reading

FTC and NJ AG Announce Settlement with Vizio over Collecting Consumer Viewing Habits

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
On February 6, the FTC and the New Jersey Office of the Attorney General announced a $2.2 million settlement with Vizio, Inc. over allegations the TV manufacturer installed software on its TVs to collect viewing data on 11 million consumers without their knowledge or consent.  According to the complaint, Vizio manufactured smart TVs that allowed… Continue Reading