Consumer Financial Services Law Monitor

Consumer Financial Services Law Monitor

monitoring the financial services industry to help companies navigate through regulatory compliance, enforcement, and litigation issues

Cyber Security, Information Governance & Privacy

Subscribe to Cyber Security, Information Governance & Privacy RSS Feed

Second Circuit Affirms Dismissal of Putative Data Breach Class Action Against Michaels

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
On May 23, 2017, in Whalen v. Michaels Stores, Inc., the United States Court of Appeals for the Second Circuit issued a summary order affirming the district court’s dismissal of a putative data breach class action based on lack of Article III standing. As background, the named plaintiff Mary Jane Whalen made credit card purchases at… Continue Reading

NY AG Settles with IoT Company over Security Practices

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
binary code 3d generated backgroundOn May 22, 2017, New York Attorney General Eric Schneiderman announced a settlement with Safetech Products LLC (“Safetech”) over allegations that the Internet of Things (IoT) company sold insecure wireless door and padlocks.  According to the Attorney General, the settlement marks the first time a state Attorneys General has taken legal action against a wireless… Continue Reading

State Attorneys General Reach $18.5M Agreement with Target Over 2013 Data Breach

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
DATA Security SizedOn May 23, state attorneys general from 47 states and the District of Columbia announced a settlement agreement with Target Corporation to resolve the states’ investigation into the company’s 2013 data breach.  Under the terms of the Assurance of Voluntary Compliance (“AVC”), Target will pay $18.5 million to the states – the largest multistate data… Continue Reading

TCPA Is Not Dead Yet – Court Trebles Eight Figure TCPA Award While World Awaits ACA Decision

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors, Mortgage Lenders & Servicers
While the world eagerly awaits the D.C. Circuit’s forthcoming ruling on the proper interpretation of the Telephone Consumer Protection Act (TCPA), a recent federal court ruling imposing tens of millions of dollars of liability is a reminder of the risks associated with outbound calling activities and of the stakes at play in the ACA International… Continue Reading

Class Action Filed Against Chipotle for Data Security Breach Involving Payment Processing System

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On May 4, Bellwether Community Credit Union filed a class action suit on behalf of a proposed class of financial institutions in Colorado federal court against Chipotle Mexican Grill, Inc., claiming that the chain’s recently announced data breach caused significant financial harm to the credit union.  Bellwether’s complaint alleges that Chipotle’s purportedly lax security standards… Continue Reading

Join Us for the ISSA Summit in LA on May 18-19

Posted in ALL CFS Blog Entries, CFS Events, Cyber Security, Information Governance & Privacy
We are pleased to announce that Troutman Sanders partner Ronald Raether will be a featured speaker at the Ninth Annual Information Security Summit hosted by the Los Angeles Chapter of the Information Systems Security Association (ISSA) at the Universal City Hilton.  During a lunch panel discussion on May 19, Ron will address emerging topics in privacy and… Continue Reading

Spokeo Strikes Again: Fourth Circuit Reverses and Dismisses $12 Million FCRA Class Action on Spokeo Grounds

Posted in ALL CFS Blog Entries, Background Screening, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors, Featured Posts
Credit report with scoreIn one of the most significant post-Spokeo decisions to date, the Fourth Circuit unanimously reversed and dismissed a nearly $12 million Fair Credit Reporting Act (“FCRA”) class action judgment, finding plaintiff, Michael T. Dreher, lacked Article III standing to bring his claims. The decision provides much needed clarity from the Fourth Circuit on the viability… Continue Reading

Chipotle Discloses Data Security Breach Related to Network Supporting Payment Processing for Restaurant

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Payment Processing & Cards
In its Form 10-Q dated April 25, 2017 for the quarterly period that ended on March 31, 2017, Chipotle Mexican Grill, Inc. announced that it had detected a data security breach in its electronic processing and transmission of confidential customer and employee information.  Specifically, Chipotle’s information security team detected unauthorized activity on the network that… Continue Reading

Defendants Move to Dismiss Putative FACTA Class Action Based on Spokeo

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
On April 7, defendants Wolfgang’s Steakhouse, Inc. and ZMF Restaurants LLC again urged a New York federal court judge to dismiss a Fair and Accurate Transactions Act putative class action based on the Supreme Court’s decision in Spokeo, Inc. v. Robins.  In Fullwood v. Wolfgang’s Steakhouse, Inc., plaintiff Cynthia Fullwood alleged that the defendants violated… Continue Reading

FTC and NHTSA to Hold Workshop on Connected Vehicles

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The Federal Trade Commission and the National Highway Traffic Safety Administration are teaming up to hold a workshop on June 28, 2017 related to privacy and security issues posed by connected vehicles.  The FTC has requested that comments related to this issue be submitted online or by mail by May 1. “Connected vehicles” include most… Continue Reading

Supreme Court Hears Oral Argument Involving Rule 23(f) Interlocutory Appeals

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
The United States Supreme Court recently heard oral argument in the case of Microsoft Corp. v. Baker, where the Court is set to determine whether a plaintiff can tactically circumvent Rule 23(f) of the Federal Rules of Civil Procedure.  Rule 23(f) provides for an interlocutory appeal of a district court’s denial of class certification.  The… Continue Reading

$5.3M Settlement of TCPA Class Action Against Taxi Cab Companies Preliminarily Approved

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The United States District Court for the Western District of Washington preliminarily approved a $5.3 million settlement of a Telephone Consumer Protection Act class action against taxi cab companies Orange Cab Company, Inc. and RideCharge, Inc.  According to the complaint, the defendants worked together to develop an app, known as “Taxi Magic,” for cell phones… Continue Reading

Ninth Circuit Reverses District Court’s Dismissal of Putative TCPA Class Action

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
The Ninth Circuit recently reversed a lower court’s dismissal of a Telephone Consumer Protection Act (TCPA) putative class action against Adir International, LLC (“Adir”), holding that Plaintiff Ned Flores (“Flores”) sufficiently alleged that Adir used an automatic telephone dialing system (“ATDS”) to send text messages to Flores. According to the First Amended Complaint, Adir is… Continue Reading

Largest Settlement of FACTA Class Action Against Restaurant Chain Granted Preliminary Approval

Posted in ALL CFS Blog Entries, Credit Reporting & Data Brokers, Cyber Security, Information Governance & Privacy
On March 23, the United States District Court for the Southern District of Florida granted preliminary approval of a nearly $31 million Fair and Accurate Credit Transactions Act (“FACTA”) class action settlement against Doctor’s Associates, Inc., doing business as Subway – the largest settlement to date in the history of FACTA.  According to the complaint,… Continue Reading

NY AG Announces Settlement with Health App Developers Over Marketing and Privacy Practices

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
On March 23, New York Attorney General Eric Schneiderman announced settlements with three health-related applications sold in Apple’s App Store and Google’s Play Store.  The settlements arose from allegations of misleading claims and irresponsible privacy practices.  Under the terms of the settlements, the developers agreed to provide additional information about how the apps were tested,… Continue Reading

TCPA Class Action Dismissed Based on Lack of Vicarious Liability

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
The United States District Court for the Southern District of California recently granted summary judgment in favor of defendant United Student Aid Funds, Inc. (“USAF”) in a Telephone Consumer Protection Act class action, holding that the plaintiff had failed to prove that USAF is vicariously liable for the acts of its third party servicers.  In… Continue Reading

SuperAmerica Convenience Store Agrees to $3.5 Million TCPA Class Action Settlement

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The parties in Soular v. Northern Tier Energy, LP et al. recently filed a motion for preliminary approval of a $3.5 million Telephone Consumer Protection Act (“TCPA”) class action in the District of Minnesota.  The three named plaintiffs in the case alleged that they received unsolicited marketing text messages from the defendant convenience store, known… Continue Reading

Bebe’s Motion to Decertify TCPA Classes Denied by California Federal Court

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On February 10, the United States District Court for the Northern District of California denied defendant Bebe Stores, Inc.’s motion to decertify the plaintiffs’ proposed classes in a Telephone Consumer Protection Act class action.  In Meyer v. Bebe Stores, Inc., the named plaintiffs alleged that they provided their cell phone numbers to Bebe in connection… Continue Reading

Ninth Circuit Affirms Summary Judgment in Favor of Defendants in TCPA Text Messaging Case

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The Ninth Circuit recently affirmed the district court’s grant of summary judgment in favor of the defendants in an action under the Telephone Consumer Protection Act regarding text messages about a gym membership. In Van Patten v. Vertical Fitness Group, LLC, Plaintiff-Appellant Bradley Van Patten visited a Gold’s Gym franchise to obtain information about a… Continue Reading

FTC and NJ AG Announce Settlement with Vizio over Collecting Consumer Viewing Habits

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Featured Posts, State Attorneys General, CFPB, & FTC
Protection of personal information.On February 6, the FTC and the New Jersey Office of the Attorney General announced a $2.2 million settlement with Vizio, Inc. over allegations the TV manufacturer installed software on its TVs to collect viewing data on 11 million consumers without their knowledge or consent.  According to the complaint, Vizio manufactured smart TVs that allowed… Continue Reading

FTC’s Latest Message to IoT Industry Comes as Complaint Against D-Link Alleging UDAP Violation Related to Security Vulnerabilities

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, State Attorneys General, CFPB, & FTC
On January 5, the Federal Trade Commission filed a complaint against D-Link Corporation, a Taiwanese corporation, and D-Link Systems, Inc., a California corporation and a subsidiary of D-Link Corporation.  D-Link sells Internet of Things (“IoT”) devices and software to support such devices.  Specifically, D-Link sells routers which transfer data packets along a network and which… Continue Reading

FDA’s Postmarket Management of Cybersecurity in Medical Devices

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
On December 28, the U.S. Food and Drug Administration issued its “nonbinding recommendations” guidance for addressing post-market cybersecurity vulnerabilities in medical devices under the title “Postmarket Management of Cybersecurity in Medical Devices.”[1] By its terms, the recommendations are for a “risk-based framework for assessing when changes to medical devices for cybersecurity vulnerabilities require reporting to… Continue Reading

Student Loan Servicer Agrees to $17.5M TCPA Class Action Settlement

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy, Debt Buyers & Collectors
On January 26, the United States District Court for the Southern District of Indiana granted preliminary approval of a $17.5 million Telephone Consumer Protection Act class action against Navient Solutions Inc.  According to the original Complaint, plaintiff Randy Johnson received multiple telephone calls on his cell phone from Navient, a student loan servicing and collection… Continue Reading

NHTSA and DOT Propose Rule Mandating Vehicle-to-Vehicle Communication on Light Vehicles

Posted in ALL CFS Blog Entries, Cyber Security, Information Governance & Privacy
The National Highway Traffic Safety Administration and the Department of Transportation have issued a Notice of Proposed Rulemaking for autonomous and connected cars.  The NPRM “proposes to establish a new Federal Motor Vehicle Safety Standard” under 40 CFR 571 to mandate vehicle-to-vehicle (V2V) communications for new light vehicles and to standardize the message and format… Continue Reading